262afa8de6c5cfa7c3437971b7c649b54aa48ba86aeb6d55db28a4488a80cf8a

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0df48b4d53761431367ed6ac63a524c0_NEAS.exe
Size

85KB
MD5

0df48b4d53761431367ed6ac63a524c0
SHA1

e2f7212acdfa8189c0067a6f1dc2b7fa14a6b5e0
SHA256

262afa8de6c5cfa7c3437971b7c649b54aa48ba86aeb6d55db28a4488a80cf8a
SHA512

0ba0387a5b93f80267cff4aaec1c803dcf6b9bd692f30d7e8c27cd86509d479b75a8a2c72842c79e82d9a847a77f5ff94d3bdfc17613c01951ab9a0a6a30e4e0
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/M6F:6e7WpMaxeb0CYJ97lEYNR73e+eKZh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4843) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ppd.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_FR.LEX.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms.tmp	0df48b4d53761431367ed6ac63a524c0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\0df48b4d53761431367ed6ac63a524c0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\0df48b4d53761431367ed6ac63a524c0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:4012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp

Filesize
85KB

MD5
8e538b04c12051d469d24815b30ea598

SHA1
796b0c6e30d99cb8f8e16cbe2dcbad9f88e7fb9b

SHA256
7fef00cffa95c1c4784576e70152fb251909776b5b41ea85be19713f57d7ffa9

SHA512
7e3f4751c03f6eb044b1589bd11905b91bc84398e80a4f2cba0ee1b8a3f03a6d3362c179e5828b28fe72cdbcc0691256b77ead8ad87f3e50d1020fce6dfefed0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
184KB

MD5
ce95ef6a8fd7573cf8016dd6019da7ec

SHA1
0862748b4c2b94194fd400fb5538d4e78fb3d1cb

SHA256
449e768666efb123f0b3f618ea0d3cc35a19a95a9202cbffcf173b4e153c55f4

SHA512
6e27909da1ec05371a9d8bfc81eceb3c6b5214ce2bb3c567e876250212b04df129519d5d330f92e4ac029f88e6854dc78ab1130aa3a6462c57be392d008faac4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads