18878a66309f60de41ef80867408e75ef8fa0b11d8ece56c0fca4d12e0c4257d

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 15:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
Size

69KB
MD5

c23cff514fd22ec1d5bee795a052ee10
SHA1

481f4e406c29fd02aa3379bf0a902e439db96a53
SHA256

18878a66309f60de41ef80867408e75ef8fa0b11d8ece56c0fca4d12e0c4257d
SHA512

4c232a45a30ad9e1926c0962d8201a6f0491fdc7a5bd0345009e3946388eb606f8a28eb1179757884633fe201e23fe1ee25c8c05fa704694cda3ae079eb3c14e
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuWnwXuvvnwXuv4H+:W7ZDpApYbWjIlE77uew2wTH+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5098) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\fr.pak.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN090.XML.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sw.pak.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BHOINTL.DLL.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ms.pak.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\v8_context_snapshot.bin.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SFBAPPSDK.DLL.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	c23cff514fd22ec1d5bee795a052ee10_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\c23cff514fd22ec1d5bee795a052ee10_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\c23cff514fd22ec1d5bee795a052ee10_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
69KB

MD5
dd9abb3f5c3aa777379776787a581fe6

SHA1
16f1c2e41d91480000b1fb81506216155b5fdd00

SHA256
c335b43e68204b088ef5e2b8ac78eb0e27e2bc6caac4e8f98c9fb47c9cb2c09b

SHA512
ee966d97d0ea3172528a35c583fc370bf9795506568be29e20e819d604ed07a1f671190e4824e166039362b99f95fa0214ad57b7ed33ae80604845690cff89c5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
168KB

MD5
f706603580cdabb437f645836c72099c

SHA1
c88f11e52920e00806d41e94ac450e7790ad76c0

SHA256
01a1ab1cce0867b3ff1218b64e26be60b968571393ea828fa811b453e2863855

SHA512
00b1f0c06398f2ce80a81280e465384d01d3ca01095d2a6b9d472ab559f26e007241d04f16f6ebae36562e01fd830c1b1a3bfcc67898d5029b1e35230aabb5ce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads