General

  • Target

    SecuriteInfo.com.DOC.Kryptik.Q.19369

  • Size

    309KB

  • Sample

    200713-8y2xjcmxcn

  • MD5

    303c9e48d826ba7aecf04663d9c317cb

  • SHA1

    3394d30bb16ba4c31f1340b65cf8df4147119d27

  • SHA256

    27ef9f658173804df9512e93698abdd1eb924a493cfe4945c7011fc936f5af12

  • SHA512

    77cde6d6c7399e14e650bcf4a82448fef842e3c1d61a9b724728deb86acaeab9fa534a4df4f67bd427e6f385775655ff6d5220953dbbba517cd9ba57d9e9140f

Score
10/10

Targets

    • Target

      SecuriteInfo.com.DOC.Kryptik.Q.19369

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
