General

  • Target

    SecuriteInfo.com.DOC.Kryptik.Q.4346

  • Size

    303KB

  • Sample

    200713-hhlb8wlhys

  • MD5

    384253a9cb2f48ef6e8438c20c477d03

  • SHA1

    e02d78fe03c3c5d14f4692671a6e4aba1f9decfb

  • SHA256

    1b409ff846a2f5f8d223166f8cfef47db4c21fd993f4fcf0218f6e6cc6634dbd

  • SHA512

    fbcb6036a26475173e8983771da0bbf808d5064e16473eda676fee627b5198ec865d62020ba1b71201355940bd3aeee5a7800fdba9477631cf0b70e34e07cee7

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
