a53b2f9e5b111dfba4f6069dbde6cab553e35770385c000519f554f82fe02e52

Analysis

max time kernel
150s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 16:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
Size

120KB
MD5

33a2aacffcf115b4297f21f69bcb69b1
SHA1

8c17af7b208619d45b31fe38d064cbd5ef2b2d6a
SHA256

a53b2f9e5b111dfba4f6069dbde6cab553e35770385c000519f554f82fe02e52
SHA512

2f1a2c85a15e28bd461bde8013e405ebc6b82cd743c9cf7b559551c95234e35acb82ef46ef3d91de4ad80aedcab3384517b935312b091a84298d4932f8ae46e6
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCm:+nymCAIuZAIuYSMjoqtMHfhfP

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4849) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/660-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000023286-2.dat	upx
behavioral2/files/0x000800000002295a-6.dat	upx
behavioral2/memory/660-1786-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsBase.resources.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\33a2aacffcf115b4297f21f69bcb69b1_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
120KB

MD5
95879f5f592325f1abc1afb9713a9a06

SHA1
09c87b4bda334fc37e3b77cc84b987a63ae787e0

SHA256
d8683bcf2fca3f06f0ade149c355317faf40cff873ef41039ee4ea0c2921ecc1

SHA512
b3bc600f775095a19b0a47ea017a2111751e0cbef2405c012f5eb484a68e4017a5bac08c6906f1d3c07772cea26b20a29999a86b45363c281fbb8751960a6928

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
219KB

MD5
37d03e03c0d2aae8673dce8e6f079a57

SHA1
ea5bd14a3498dee5047edfdaf0329389cc444fe1

SHA256
10eb55e1f8647f6f173189ee35a33cdcdac1858b4e3a28bc20ab4c366c614d9a

SHA512
4caafef64f547871f32703172eb460ce65be78182fdc882a8a6cd4a667e0f0d4c21a9702955c8505859a9de0b161cbd2df19307e08d9829861c3c7aa581412bb

Download Submit
memory/660-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/660-1786-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads