General

  • Target

    SecuriteInfo.com.DOC.Kryptik.Q.6586

  • Size

    300KB

  • Sample

    200713-jwql7my442

  • MD5

    ee4e4354a83b4f83ce02d43d3d62f605

  • SHA1

    91c416665c0d3265ce241e745a146f5c2ea8b7ba

  • SHA256

    37bae39cdd152ba0ad9c8661f7fa2740fd23c5d4f4666a560d11a0100da100e7

  • SHA512

    8630fe21d22767606897aa501e9e1368178f63a0ccb566b2707b1d864dc1083de4d24e398291b99b00884559b8fcaa24f1b85b16709302f23dac40aadcb864e0

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
