51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711

General

Target

51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
Size

68KB
MD5

15942c58a848f53dc9ff00e8d63263b1
SHA1

b99e06a922d4d18a6b789d85281523a8688a418d
SHA256

51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711
SHA512

9d0865591959df4b678c83cb8932be8a3050befd98611c1da2dafcfe7bb145b7b561612c1ff471dec4f6c9d66cab546c7cf406bacbac922878bbc97066c103d2
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/R:6e7WpMaxeb0CYJ97lEYNR73e+eKZR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (577) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe

C:\Users\Admin\AppData\Local\Temp\51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe
"C:\Users\Admin\AppData\Local\Temp\51dd9ddc6cd334c06feb95766322bb60e09dc23dea50484f910dd5f063720711.exe"
1⤵
- Drops file in Program Files directory
PID:2812

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
69KB

MD5
1b45fe2fe0d08d9044e1f904c1ef3269

SHA1
c09a783fb70ea3532400929ca6eee12754b773f0

SHA256
666426c647ecfe12708b8afce3ffd91534ea0ca7c718ce4540a9c664282e6486

SHA512
1d09f2aa15cf79ec51c8a59b9a1c309d10f5130ec564ed0f421f218a5a429f3bab94c9ebd5b275c23d611ed86333848696b158417062249673d80be47eaafd8e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
78KB

MD5
7e14126205bb9a0b5e9200a58b635796

SHA1
21b07c21684fc055c8dcac1e4c2d8d67f9beca4e

SHA256
0a91085aba773980677caa814ec2efe131bf505910e9fa72c63e61798f91589b

SHA512
e7c966fae19842f187244f3ef517a80406414d3df1dfec53fce7eb7c564e89e27e2f8bc9dd1b69ae055f11c781600297542763eaecfbea1760bea486126655e1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads