915321bd8096a03bd114166471a361216ecff84fc894d87b20db456fd6d3e8d8

Analysis

max time kernel
103s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 07:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
Size

65KB
MD5

96c0b2373e46ffe7dbe3b80b3011c0d0
SHA1

21c2be1a0ce0cb3fdb904e0629718a139886dce6
SHA256

915321bd8096a03bd114166471a361216ecff84fc894d87b20db456fd6d3e8d8
SHA512

0c1217bcefe2120340f955733bc44becd0bc0fa364fe744ae28b86efbc5ece9c0c24cd86ba426d0d388b9cb61d284980166991f0734585699247f0c98e3153c6
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxt0YRYvBJ:W7ZDpApYbWjIlE77ufL6YRYvBJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (233) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\96c0b2373e46ffe7dbe3b80b3011c0d0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
65KB

MD5
c6c9b05d17ac91dd7c42a5015c01d07f

SHA1
d85e0ac95be9f8d70a92027f9f3d6fa89b806234

SHA256
559846ae3c8b69fd48310d2a5fa2a9268beb6f8919298f37a8eb941350a21eb0

SHA512
d149d46fb25a691cce665f28d626c0a227fc9c157e5a1a00f6056c02e6d975d466c4743a2d9fb4fda8c2606fdd39731b37a97ddaddbcd3c7577b1bf5c95b175c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
9a9956b4423460a4b69375649fb18d2d

SHA1
9218a839bf11f5735bd61c121b239edc2b258675

SHA256
29a7a9267841302653e811bd10746314718700c19c6f9bb68e31f2fd40fe9bd7

SHA512
06692f8154d5e0734fb465ffad48c1747afbb69f18c0f3578515f62da9f14a61b6bbe6aeda30792e73afcbfa63e313cabfc8ef8ac3ab1facb347c024b06e7af2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads