51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d

General

Target

51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
Size

81KB
MD5

2b90d929294f50d13dc171c9da3db7db
SHA1

b92e8067e4614d5309b0efb8f92e954cee240f25
SHA256

51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d
SHA512

2ea3e8e9c09a02a9961e0f2e195b221ccc20008e393a21cf6bbe705f8823f66090de03069d703dc9f872c9a2a0984420b95644b57990181c8237e9237cecfa0d
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/L+Q+p:6e7WpMaxeb0CYJ97lEYNR73e+eKZC7p

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OWSSUPP.DLL.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.png.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\catalog.json.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialLetter.dotx.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp	51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe

C:\Users\Admin\AppData\Local\Temp\51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe
"C:\Users\Admin\AppData\Local\Temp\51a46381a0cc62dd8f3d4bdefae4beb8ee88e7c69efd394a8126d6380eb8512d.exe"
1⤵
- Drops file in Program Files directory
PID:4484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
82KB

MD5
3c235634814926e5390545e901dba56f

SHA1
55a3594e0f1fd9b1ff53fd3161cb7390a249c3f0

SHA256
d289a47c0a0c32125eb2a69e3eab0c07c5044a909759c86007e881142b3a1128

SHA512
f7d5ac0097d170b434dffa93e1110c255524fd4923de759a5bfebabd9a1b04c06b3edb5049ad0413efe371383ad71346a46e1481a674581af577e04949191da8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
180KB

MD5
04005a717a477c7ec1c44ce53db686d1

SHA1
d795c2f865d7925a48e40387dc17fe6d4e7975c2

SHA256
4e65875aec1a9a3e6fe3ebc72fe75f1a6cbddd49d99d98902b30477a8c7d8936

SHA512
218dd8d00dc7c9c4826d989711faf8476e3ca764632213f235263b8e4cc93469177364de07e6d8647ffbee86d12fa1d0557ed5cf3ca63975b35f483d58151d0c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads