Overview

overview

9

Static

static

7

33a2aacffc...AS.exe

windows7-x64

9

33a2aacffc...AS.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 16:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe

  • Size

    120KB

  • MD5

    33a2aacffcf115b4297f21f69bcb69b1

  • SHA1

    8c17af7b208619d45b31fe38d064cbd5ef2b2d6a

  • SHA256

    a53b2f9e5b111dfba4f6069dbde6cab553e35770385c000519f554f82fe02e52

  • SHA512

    2f1a2c85a15e28bd461bde8013e405ebc6b82cd743c9cf7b559551c95234e35acb82ef46ef3d91de4ad80aedcab3384517b935312b091a84298d4932f8ae46e6

  • SSDEEP

    1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCm:+nymCAIuZAIuYSMjoqtMHfhfP

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (3433) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
    Filesize

    120KB

    MD5

    184bc9941dc5d088b4b71d3fdf9c8b58

    SHA1

    be9ba4bf7e569ea744b7d03a9f20d92ce68c2417

    SHA256

    b244e14f8a9db5597a2f5039187eafb3104388853200d166d605b84fe86b2770

    SHA512

    38d306fde8abffdfd4837f49684c0ab30e791faec259e417ff55667e3dd54df02df0dd05e2098f385163f62e191f91a2b91e5265e462f1c4823e56f43256fdf2

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    129KB

    MD5

    b4ea4a0c48edcaee53b52848d44a5ba2

    SHA1

    82391d197e1fd259b24828ff5a81f4768a4a1bee

    SHA256

    140c854b25a74e6131617b90383d2a7f3256b97e16172fc6f060435334eebd2a

    SHA512

    fc2040012eb072e5e274d49dbd3e59d2919e9f9fc30287b35958d8bd6137b5f0594a48359a289fb33bb031ee18ddd22b15959f1770613e72c6f167a95c7915c7

    Download Submit

  • memory/1740-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1740-648-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download