806696b58a8068a8b1395fcb91f944823fe7af19e0347ce3a1faf5ab4ff88094

Analysis

max time kernel
150s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c778405f1080a6623ae01149459830_NEAS.exe
Size

224KB
MD5

92c778405f1080a6623ae01149459830
SHA1

9121dbfa20cd86366b2545e729e5c19d98905a54
SHA256

806696b58a8068a8b1395fcb91f944823fe7af19e0347ce3a1faf5ab4ff88094
SHA512

c4c807ed2058609108afeb018976973ff2f85ee57577dcf02f61aa77279c9333cd014fdff58faa717fcbdb01e27168cda846aae085efb5e39d95ac14dffd6739
SSDEEP

6144:JmCAIuZAIuDMVtM/SgLzdGn6K85m9OA+tSo5VVR4:7AIuZAIuO98VVG

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4664) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/592-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023b15-2.dat	upx
behavioral2/files/0x0007000000022971-6.dat	upx
behavioral2/memory/592-1520-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	92c778405f1080a6623ae01149459830_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\92c778405f1080a6623ae01149459830_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\92c778405f1080a6623ae01149459830_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
224KB

MD5
5914f59dea0ea4e13f4bc2815d7cd2b8

SHA1
dbcdfded1a1e2522016a4666992e5785c966e592

SHA256
038bb0a801758a04b6282f9a347eff589ad7b235ab1d99e7c46774ab5c1712b1

SHA512
9b532236880b5e9fcf39d2ff05813a43def1c562c4eec798c4e426c5976418ba3847b77204a345ff4f64a2506a14def969722fd7ade214624de317f6d9136fc4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
323KB

MD5
eacea55d6f9fb8f3e8cd51d573a56787

SHA1
2b42f571ebf6a98c9f5a887c76cdbeba17dc637b

SHA256
ecdd224f9cefa65196f0727191bf341c3e6b1ac806ccb1663b51a422cddac3c5

SHA512
4accb64662cd4e42893bc17b64fd0a8a0bd56a6d17f9712330406d9b36939e45328389a5dc81d3d26d67c93cca975fa146f68f0a2bc66249f97d755ce3e73c4c

Download Submit
memory/592-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/592-1520-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads