2d73a1fa8b61c47e53cf471899bdcf7399f062a8c050aa25af2c04a886d58088

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aef8414f1422fa21b0209def99e5db66_NEAS.exe
Size

378KB
MD5

aef8414f1422fa21b0209def99e5db66
SHA1

23a61b0ebdbf9492523879e09d5f894ac34e92d9
SHA256

2d73a1fa8b61c47e53cf471899bdcf7399f062a8c050aa25af2c04a886d58088
SHA512

6c930c97215a39eb774cf616e61b07f260706ccf30ed7cfb0fcc84304b62b276f1b8d56389ff81fb5cc097d59591652cb8d35ee831c00f2c3ea53f9a0d43ba53
SSDEEP

6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgs5hBhv:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (228) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	aef8414f1422fa21b0209def99e5db66_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\aef8414f1422fa21b0209def99e5db66_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\aef8414f1422fa21b0209def99e5db66_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
378KB

MD5
6d58e75a69d3178c07505fc9d635b17d

SHA1
b5f1feeaa03c03a2242c28d4c8ea343e1ead3c2d

SHA256
9214f5288d7f9355608258e72653e9b6d09d5fa14c5fde753f76eecb62f1880a

SHA512
8dc4e0f256a12e316099ee1dbaa6f791b7a7dbab4782d5e1e420db8a5253556c19dd9480e84a035b86dcb03955b5402c9ccf830cddc2c9aa1cdde002b3bc0a77

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
387KB

MD5
fa4f5d8084a4072d88aeb3bb52e0958a

SHA1
54a92c20878505bb039ab45d70b51c0d969e425f

SHA256
5b372e56b2803029e76bda1c3145c876fc397f04cdc54d18ae5e120be428053c

SHA512
ffb1597bda1c9c1c59bc98833b7e438ebd47afdcd0a77f6bd9509fe3a7edd2959226f1f9d2b58a9b89ee03f5ba19bb4453f0b523bd09cf4407a9856ccded49a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads