cf2fbdd1a82c28d1177aecc78296e94b08d33fd3ad81196597ba38b4f10dcbb6

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
Size

101KB
MD5

b5fb6309b4f39ea08190c5ecb854f3bc
SHA1

5f6adaebc0850049391c3570ab85591773ba79fe
SHA256

cf2fbdd1a82c28d1177aecc78296e94b08d33fd3ad81196597ba38b4f10dcbb6
SHA512

3dbd98a69bf2806f03da2801ef63d78bd02f6c29f782dc2c5c3db2258dd861f0e8b30cf7758873efbe266ec67102eb997d62bffd9c8f18a8bb1144ff3f2544ec
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN:6rWpcOPxPke+e3fFpsJOfFpsJbgEN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3439) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\gadget.xml.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\Documentation.url.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\highDpiImageSwap.js.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMCCore.dll.mui.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\localizedSettings.css.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\b5fb6309b4f39ea08190c5ecb854f3bc_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
101KB

MD5
36178b824bc6bdf730f80b699df33d1b

SHA1
e774acf2e39b211f23f6254f76b28e2212f18e33

SHA256
3da73b851b581937e0abee6fd6da1c006a74e52a21f84cad8873d0e29d4ff2f0

SHA512
a523e954b7350ecffceb6cf6d539d7faab2a645844c35ea58e82c8e680c1ccb67d14910d2d333b5c4d81eb7f9cfffae065dea19fbcd96b721fd5b39c4cdd7d01

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
99092d0f919af44ae367fb48b38546ac

SHA1
4d6e9f4361336f64a1ec037f83a8091a3a039507

SHA256
9c8afaef9e5e2789ebd34fff9f9ca14d430b0cdbfb0d32435bad78c6aa365406

SHA512
971cc2d5cf5538a43f44e23bb23027f011c62430cf2d0ecdc3911b3b1b947780b3c84093c709261d1f71a41c122f78ec83c7e47a2f7677b930fa73fe526dcac6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads