ff93a1971a22dd7523e9ef76fd07ab12a78909d7359b3569b13b53449ff017cd

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a547203ac8200f46713087142a04a620_NEAS.exe
Size

122KB
MD5

a547203ac8200f46713087142a04a620
SHA1

dadfb5b4abc4a908758dd4441c27a25a4273c58b
SHA256

ff93a1971a22dd7523e9ef76fd07ab12a78909d7359b3569b13b53449ff017cd
SHA512

9c044d4e70febc4f7d14f64ae68fc7d74263ae110aacbe49703dfd414c2399804a1e7f14898573d8e8758244041f08ac9f0f0eba65b39cc6c40c3b722967bed7
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCa:+nymCAIuZAIuYSMjoqtMHfhf5SC

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2868-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001269e-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/2868-632-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnetwk.exe.mui.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	a547203ac8200f46713087142a04a620_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	a547203ac8200f46713087142a04a620_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\a547203ac8200f46713087142a04a620_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\a547203ac8200f46713087142a04a620_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
123KB

MD5
4aa5430ba75f688103769d4ac0d57455

SHA1
e70403e028a4b6bf199add167f5d2e4f4a8baa54

SHA256
97ab52f46d82f1de82ac1a1ac34eba465e8c0f2ed52905c18a843726e3c21c75

SHA512
b22d4d8d99ac13f3f90ec904245327bdc82c12e8c7eedc81320f175121c6d16f4ca04de0649cfd709ecb284b346d4424e1125e27d7cfc24d2d6dd87ba9992f58

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
132KB

MD5
a6e6fc99393c3fab03cf36cd8f9961d8

SHA1
b2316d29d9a3baf63183f7f0a7357b531d822e3d

SHA256
5f6498c53337b44e43e6fdd4adf9bbf3acca4d877079d8d2b66c785e12d573db

SHA512
95da04ec712183ce5c9ec3767ac6362a2960aecf95295cc5d5ff5616704e763858448771bddb9b567ce8bf98d28333db9ff250a750dbf39923038defa3b8e7dc

Download Submit
memory/2868-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2868-632-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads