General

  • Target

    SecuriteInfo.com.DOC.Kryptik.Q.17780

  • Size

    295KB

  • Sample

    200713-gyctkqpyrs

  • MD5

    405bb15c0a415c57b9dab50a6091c9ff

  • SHA1

    ac32a14b6e71c6db7947b02554ef82986157c98a

  • SHA256

    fd8aec0158da8e2d9e0d3bbc78c9bf73e72613e09bf385d728438a3dd89dd665

  • SHA512

    6590a4176a7f934af417ff12ecb39d8806bee8757e50a27a4b6e9a517896461d0536c56956878fb71b61bf216d785a11323a8f1a5ae5afa4f9fb19a6e28fb68e

Score
10/10

Targets

    • Target

      SecuriteInfo.com.DOC.Kryptik.Q.17780

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
