afa79997cf3a73d44d9ae99b8c7db07e5a58b21b0152370b6e7de2106d19ff55

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58c400a758f7795941840dccc26bd2a4_NEAS.exe
Size

133KB
MD5

58c400a758f7795941840dccc26bd2a4
SHA1

ffcb67cc5b5d2c34b887066474446e38dd01bfab
SHA256

afa79997cf3a73d44d9ae99b8c7db07e5a58b21b0152370b6e7de2106d19ff55
SHA512

30bbfe83f97e47d6dba39d6b90e955f5398c215d4c44a198619d6e0e539ce0053e0f33316e5a263556faa293a6a0fb4826ac8309eea1602ab6287f5b769100ba
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCI:+nymCAIuZAIuYSMjoqtMHfhf5Sw

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2388-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001444f-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2388-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\calendar.css.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\cpu.css.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	58c400a758f7795941840dccc26bd2a4_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\58c400a758f7795941840dccc26bd2a4_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\58c400a758f7795941840dccc26bd2a4_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
134KB

MD5
065a6c6415168b464a5637230d8f71ab

SHA1
4dc402f66ff4fe32f757780045613aacd0088044

SHA256
15f2dcb8b2173849f2d9f4bdd26005ee2dfb3330a0d119b471b6a9c2902f6570

SHA512
14e4e2aa0f71ef7abc608e6da4af89ad1c3bc20b5045ceeec5c4767fb6c05d908dae8b900b5100ff1587a21047d409b6629701befbada814269941d15ee2d6bf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
143KB

MD5
45c7f386283ef33186858838b1b66c94

SHA1
8f17f7e0f8fd38e7be7487cd6ae3cce72e52a2b8

SHA256
7906ff3c90ad606496260fded6d34cf78d6b5e2b6361368001e68da44b549e46

SHA512
a4ca5dd42ab52a510406c5ecdbf3c6e3d14bc49eb0275cf412ead07343a83c8ca51463830ee832010c640ca4ab1c6e1755c6effcb8f88e2f8848f5de648d0adf

Download Submit
memory/2388-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2388-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads