baac325da47990be5587a28c731d85a952e31efa6ac5c6c7b264e709769a8f6a

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
Size

94KB
MD5

0f6b0cdfd75de5ce1ef0033f33927c90
SHA1

0f1448173c314568057bfb5122c4c75a5aa89eae
SHA256

baac325da47990be5587a28c731d85a952e31efa6ac5c6c7b264e709769a8f6a
SHA512

3b462fd5bf6dc7ce7f67ff93e19717cb02037724e307a43f0b49c42f13187fc04b384a85837cffc6e71ed3801870f7311f8baa3189941beb12ea86d445132382
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/OfFpsJOfFpsJagM16:6e7WpMaxeb0CYJ97lEYNR73e+eKZOfFE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\cpu.css.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\settings.css.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\gadget.xml.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\settings.html.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\settings.js.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\platform.ini.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\service.js.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\CheckpointRedo.xlt.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
95KB

MD5
bc3365bbca9857f90a8e197c582419f0

SHA1
22f8da81c91e27892e9c8e2a5832498e7242bf6a

SHA256
5b246b717ed52dc577c7df4b3d4b8a05d9cb44406b4b04454501b1c3ce5f829c

SHA512
2b2e2c171635f7fccf66921fd1a2d33f79bb724f192be612b8aefead5530ad62965f4c79bdfac6bdd3941f48f436be953e3a5650cbc83b0d13f2ca86860ba3c3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
9ef463248979dad85b02c0cffca5cce2

SHA1
f562cf800efdd891b87ad7dd3bc939a0d03eb021

SHA256
4a99428352b95c33ad6d910ad8b92e7e9408f7c31487345ad7ded37f9199aee7

SHA512
bbaee60c47d2c26ffb727ae7a6f36741d20801cee499b08933de05030166dca6281c09fb1e276ffddf757be00a75f9a69db5192bb0047108ebad13ee9eacdd4a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads