344e0948073f3488f4ad763acde0f18e26a8cccf9e2e7f3b527be251a3019fc9

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 16:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d2de29815d551375518385f3c2a9ab60_NEAS.exe
Size

136KB
MD5

d2de29815d551375518385f3c2a9ab60
SHA1

840cac4ed0c6462d3c0bedbce80878d669237dfc
SHA256

344e0948073f3488f4ad763acde0f18e26a8cccf9e2e7f3b527be251a3019fc9
SHA512

ba4d7a961c9b51ab6d2ee22e8f83f078137ee4dd48849b2e78ed492bb0037c82edf2730724ad7b7284ee225130c42adc087120f0fa3f3b7895c10b54627f7046
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCD:+nymCAIuZAIuYSMjoqtMHfhfGXxX1

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000016056-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/1968-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Windows Journal\fr-FR\PDIALOG.exe.mui.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMCCore.dll.mui.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\LimitDismount.asx.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvmem_plugin.dll.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	d2de29815d551375518385f3c2a9ab60_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\d2de29815d551375518385f3c2a9ab60_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\d2de29815d551375518385f3c2a9ab60_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
136KB

MD5
ec405dda9427112e564cfdab51a27868

SHA1
6b14d8b1add632ef44f5e817f758b35cec18e1dc

SHA256
211ecde0b65cef5ba6178b2e3e8a9028a7e68008f39ce485901812bb23ad2c61

SHA512
20ecb17b403d312789bd558388b1f4c697f830a98327d72d97c979e761789dd0655f26c0e1e68b067db002ca19323786ad3bc1237f0be4cee449fa4163c8f8fe

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
145KB

MD5
7414876ea6e6da41c45ebf0f104ca517

SHA1
021d95ae1f58d0c79cd55ed353d7f25d0b6d9f1c

SHA256
7d6970bb189b43d89e8430b56d9acaec7dd11867507802625d10d6231ecb1bce

SHA512
607663fa0f075ca98792305e2727ad45cb4c7e228eb0e518c97c43da4abd6177c52f79033cd11f66623b6a30e47586f93b0e8999cfea1ba239cf755572cb1fa9

Download Submit
memory/1968-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1968-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads