f8e7b439a260b4f0f45755c794a73e4336e8facb7aed56aac0b7297cb11edd08

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

988092519856c137b13362086c85499a_NEAS.exe
Size

82KB
MD5

988092519856c137b13362086c85499a
SHA1

6c0ed175630ca9cb6436bf66a56c155b8f07f204
SHA256

f8e7b439a260b4f0f45755c794a73e4336e8facb7aed56aac0b7297cb11edd08
SHA512

f1fb4c7d3d44c5d06d12e5e8f06d8f15475cb856affa0cea6fa879f56bea43610ea3f7379b6eea24699e64465cdb877f89200a67c56cfcd8dea4edc124bad687
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGAzEWzVNOx0ypIzIu73mYdE9aC3s9XL7EWzVNOU:69WpQEJAzEWzVNOx0ypIzIu73mYdE9d8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	988092519856c137b13362086c85499a_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	988092519856c137b13362086c85499a_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\988092519856c137b13362086c85499a_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\988092519856c137b13362086c85499a_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
82KB

MD5
96b5aaef29cc063e506a6a4ceac11a59

SHA1
207e7b2dc6dbef5aa1faf298d4528c06ce366f47

SHA256
6c7a60c2e6424a580f982dc0304d7aed21b7d44afcade9e64de41a9217ac9121

SHA512
4ce2b67901d30db6e238fa05eda545927c3ea61d2e11707d4253ea75431ff198a36ae0e9cddf5569a94595bacce92712ac89091bcf2b457ff93f6c6301d814a4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
eac467ad3c2865624832575a3598edc7

SHA1
212fbc418dcc2b709419806624e352b107f155e7

SHA256
a9ffcdca48682794d8c14ee86c5eb0415a17e2e1d99b81566d16bdbda5fb5ba4

SHA512
2fa8e899eb6a93007c22eec0380713aff8ec13ddaca5ca935ff07468fc1649395ec460588200fb547720c73554ecebecb03b6f711489ab34fbcbdb3365f6a038

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads