6631cb01fdc26a413aed2024c8c7d516d4fdb0f7829f12367a776eb2a3f124dd | Triage

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 06:04

Sharing

Report Analysis Logs

General

Target

dictionaryE/DIC32.exe
Size

765KB
MD5

8346bf5e6df982bd4f37beeb812c3ca3
SHA1

05999e0f2f09eda57809b99e2d35b088b32a347e
SHA256

8262a552f6b3f7588ac5f8443e64948e67c03498430c4be80db7cf6f3dcfd270
SHA512

ec7b3935a3440f0359e45aa1262d14ae999ada72d2ba3c829b50f8f7eca9c20947c5d1097a6bbcae6b39e0c244b73bd188c6bd9f8e16dee38bb2eb4ee0130677
SSDEEP

12288:tEea++mxXYNp9EXqQR05j2/gSs9miR3WzhheD+Yau4k7x9ekhNrO:t+++3NpFQ+84Lv5OYauN7x9ekhNr

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\dictionaryE\DIC32.exe
"C:\Users\Admin\AppData\Local\Temp\dictionaryE\DIC32.exe"
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-54-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download
memory/1736-55-0x0000000074290000-0x000000007483B000-memory.dmp

Filesize
5.7MB

Download
memory/1736-56-0x0000000074290000-0x000000007483B000-memory.dmp

Filesize
5.7MB

Download