1edc69b52ab8d67094a7dba0447af3f9267ef02768a8e3038792e2e8fce3b227

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
Size

145KB
MD5

0f8784ebbd1c6e80fc604963a0702c20
SHA1

4952f5a5f881e95f7760ee67df317ee143f04bf0
SHA256

1edc69b52ab8d67094a7dba0447af3f9267ef02768a8e3038792e2e8fce3b227
SHA512

bb19d3ca4d1c06ab020ed1d10ad5781aaae528e6dc4ea4a4a6cf18e43f077498b7ec40e0dba44171a1f91e9e88c8fcecc519bceea1d38b1e85861d3a5e51b9d5
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJS8:KQSo1EZGtKgZGtK/PgtU1wAIuZAIu0bQ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3430) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1680-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0009000000014539-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/1680-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\0f8784ebbd1c6e80fc604963a0702c20_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
145KB

MD5
555a4f2abddb8b58ac989d7405e5ac87

SHA1
afa7dce2c2b04e4ca0832e6fba3f4971cda03089

SHA256
bb2cd771402c60fa8343ec5e2383f7219c376cd259e663f0ae8df2e07e25c1c4

SHA512
c3500de6b9ebc18c6ba63b0514f1be37a36d3380ca376d8d68fecc069694bf99ff6cf3b2392364fd11c539028613d32018585342a41e589c575d3d4dd671b6be

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
154KB

MD5
af45165630f2ceba0a5cf36dc4a93626

SHA1
28839fc0248aa95010cdd5064e420e8bbea9e02b

SHA256
3fa18dd63148a1c8feefc355acf7ea1a4c7b9000669e506fb2f6342487e91867

SHA512
512914e1ad5632dae7cda00441e6509e9c9e7d51435504fd9091038f45d2e7335e6c72c83a4fbfc36e2e572d8a990cbe2615c49b34e3cec33354c73105f0d379

Download Submit
memory/1680-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1680-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads