793c755494c56e3726dc55333f0fe6c733c27e0cb40a609e45ce395c0401dcbc

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
Size

377KB
MD5

1c55504cea8a0a6e516f89b0a7a038c0
SHA1

c8431abe8638cfc0b966b194ee57342fae3e3389
SHA256

793c755494c56e3726dc55333f0fe6c733c27e0cb40a609e45ce395c0401dcbc
SHA512

f49d807efca9d49e5dc3a38384366bf3f7d416b9bd346cfed3f9627abfa70bbd29efcb71bb5561f2cce8e51a925c006d61aef9da067d114c18c0ddae930bf2fa
SSDEEP

6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgsEhBhE:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2773) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\1c55504cea8a0a6e516f89b0a7a038c0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
377KB

MD5
923d0eb7de94758fc772b32254acd27e

SHA1
56d244416b303118e1d605b97437af02f8231f20

SHA256
f1514d0f72c2b33395c840498742c1eda3022a87b92a647e7b5839d899c08dd2

SHA512
c0aa0b21a5cb074b17f10fcb47508c6f19eb7af422cf2342fdd4dd56fc1ac5b09de51ebd5c9b8ab53fb321437ccf24c05aba18fabd541e462af8ab7787c11c14

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
386KB

MD5
926ed063a224e632d77d3a892f5c8022

SHA1
f36c65938b48ecf015611e8b159948a76759a510

SHA256
87f1893e2164b2a300f886ecc69d4c6a391c7c5d747bb563811af2d313b45acd

SHA512
aee3eb786c52ddabb4b351033c425b35a5767908f0312389852a7c480d14915b4de53b2bf9a3133302ab57ebba7306a7a2ea384975fccdbc5fe5ec58b2e6b5c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads