General

  • Target

    SecuriteInfo.com.DOC.Kryptik.Q.10203

  • Size

    308KB

  • Sample

    200713-797m9tzbkn

  • MD5

    ad17abb0af05e823197e08b483a27af7

  • SHA1

    0636bcb12bf307d0ff0df6bcd30907c68944f3f9

  • SHA256

    509675060738c04bac197d7914eb3ec90da8246910466f7597440e1fef194320

  • SHA512

    6aa29983e223f8ad0be20762dc63497e124eb272237981d5a50f34b33cb9ec786f765615c9c45deedb638adc5b0ee8ebe35444373c90d01ca0bd73a04e614926

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
