toolsmith #110: Sysinternals vs Kryptic
Common Information
Type Value
UUID b9d8f029-33ee-4f97-b2e3-af0ead912116
Fingerprint 3e058d1985f20784
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 5, 2015, 9:14 a.m.
Added to db Jan. 18, 2023, 9:47 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline UNKNOWN
Title toolsmith #110: Sysinternals vs Kryptic
Detected Hints/Tags/Attributes 40/1/10
Attributes
Type | #Events | CTI Value | Attribute
Domain | 138 | | setup.py
File | 1 | | c:\users\malman\appdata\roaming\ibne\haho.exe
File | 1 | | haho.exe
File | 33 | | c:\windows\system32\notepad.exe
File | 1 | | c:\python27\lib\httplib2 and running python setup.py
File | 1 | | sysmon_parsed.txt
File | 8 | | c:\windows\syswow64\werfault.exe
File | 81 | | werfault.exe
sha1 | 1 | | dc965d0a38505001c800049a6c39817aec3616f0
Windows Registry Key | 112 | | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run