806696b58a8068a8b1395fcb91f944823fe7af19e0347ce3a1faf5ab4ff88094

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c778405f1080a6623ae01149459830_NEAS.exe
Size

224KB
MD5

92c778405f1080a6623ae01149459830
SHA1

9121dbfa20cd86366b2545e729e5c19d98905a54
SHA256

806696b58a8068a8b1395fcb91f944823fe7af19e0347ce3a1faf5ab4ff88094
SHA512

c4c807ed2058609108afeb018976973ff2f85ee57577dcf02f61aa77279c9333cd014fdff58faa717fcbdb01e27168cda846aae085efb5e39d95ac14dffd6739
SSDEEP

6144:JmCAIuZAIuDMVtM/SgLzdGn6K85m9OA+tSo5VVR4:7AIuZAIuO98VVG

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3070) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2748-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000014323-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2748-532-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\UndoCompare.au.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	92c778405f1080a6623ae01149459830_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\92c778405f1080a6623ae01149459830_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\92c778405f1080a6623ae01149459830_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
224KB

MD5
b3b3633dd646549f0878e0d7a9669d0d

SHA1
14e1b5f1982984f7d10e485c6b4f461b845a8450

SHA256
fa142657c694bd789a9d3d605398fbd009b17c8044a50c9d848449bf7a681f47

SHA512
a2e99ca2f3248905f7272bb0177a63135d6ffaac9658b03150ac97609dce6493aca85e9623e7b0ed06c40fa2fee74df9568f4a91a7bef165b1597ec10caeb39b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
233KB

MD5
42dbdce7726339df132d4bf2ba03c035

SHA1
83b13bcaf699a02e1cfe657ee7a0cc634f922e68

SHA256
fda8d53d1936d87bd74f3196fc08c97c92c2d4c5e9582d13ac4c3d8a8efce122

SHA512
28a088c49f2220c63f9dc81be803c0a5231d9da01d2b73e88bd4fcc0bcb9043da3acd714028529a31ec4e851055a60641becb9154ab14f9653a65a2f619c0ecf

Download Submit
memory/2748-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2748-532-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads