1e7dc933bd9feff06f5786fbeeac129e68470e0f4dc0c8bb969a58cd50ded74b

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e725b17dda750bc104188b92b3c8c50_NEAS.exe
Size

368KB
MD5

7e725b17dda750bc104188b92b3c8c50
SHA1

603b7267dc879e255c18f10620845b20b581dd24
SHA256

1e7dc933bd9feff06f5786fbeeac129e68470e0f4dc0c8bb969a58cd50ded74b
SHA512

9afe8187de9173bdff32e37e9d42ea678b6d1407f66dd993ffd8bf873114c0c8fbb29a25cb3b055f18d5addb37770428ecff3b5056b4d9178afa8b22bb888908
SSDEEP

6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgsd:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4270) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp	7e725b17dda750bc104188b92b3c8c50_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\7e725b17dda750bc104188b92b3c8c50_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\7e725b17dda750bc104188b92b3c8c50_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:4504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
368KB

MD5
3677544f8702c771bff04f144e9b1b10

SHA1
06f463b7cb14580e5312a42f22e79a47c2143d94

SHA256
4d85b4e98c105246e29591e3735ab546168a670dbc40f62b5223b27e869c0574

SHA512
7e22357f3082b9e4d22ad758d6b43955e624f1b2a83f59aea20d001c73b4ec0e5811c259f0857760d14a68b277c58108d45fadcf869ed3ce6919f216f6ddb8ee

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
467KB

MD5
9fef304e11e340a901741d60947e1434

SHA1
bf91a3b759673d6c0ee2ff19b5f091492cb1500c

SHA256
c72e2877780aaeb8efa5ce7c4e2f2de037ea5a5eb051fdec13deb16c90225deb

SHA512
b98b436cd172c9b25fda8f9dfd9bf0840401c2d73e864a32f7355fe7c14635b329a631bada02600f81a6ae597859220a1c355958b0ed987f02670c9abee3a56f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads