baac325da47990be5587a28c731d85a952e31efa6ac5c6c7b264e709769a8f6a

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 08:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
Size

94KB
MD5

0f6b0cdfd75de5ce1ef0033f33927c90
SHA1

0f1448173c314568057bfb5122c4c75a5aa89eae
SHA256

baac325da47990be5587a28c731d85a952e31efa6ac5c6c7b264e709769a8f6a
SHA512

3b462fd5bf6dc7ce7f67ff93e19717cb02037724e307a43f0b49c42f13187fc04b384a85837cffc6e71ed3801870f7311f8baa3189941beb12ea86d445132382
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/OfFpsJOfFpsJagM16:6e7WpMaxeb0CYJ97lEYNR73e+eKZOfFE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4863) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\icu.md.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\0f6b0cdfd75de5ce1ef0033f33927c90_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-877519540-908060166-1852957295-1000\desktop.ini.tmp

Filesize
95KB

MD5
91f6aaf2401843725f48ef598ef08f2f

SHA1
621e72129f9574f45a911a255a8bd4254aa288b3

SHA256
f129c1f0cf2f6914da8e490f6556f0ed56fb190412eb8689445a1daf26b940fa

SHA512
a9979808c5aa37c435348d8c77b90951ff05f96d23bc6464e9602599763b9e16a5693999a4e2501b6eee49027200949c01b819019cebf74d03f96ca386196474

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
194KB

MD5
3c4f953f91f722aeaf362d8d497dc74d

SHA1
dc4d419dde8e2aaadb73716d0afd9da259766a2b

SHA256
f69f3eae74da6bae701bfcd7238c446b83ca03c7aa022de80d4ffb5455c0cd59

SHA512
f1cbc81b0e601c33e9c7453b1cbbbd136d07b98a688184f681bf649164856cf876a26879c49c25478f375b2449e2ba4d049a180fbe40354f942a8f35529ff4c6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads