Cryptam // document analysis


Sample Details

original filename: b302766050e8ae9fa7813aaf38f83410f81a91e6_9.docx

size: 1206653 bytes
submitted: 2018-04-11 17:33:27
md5: 92a127c08157349b64525d12d2811138
sha1: 047924234036907c37fe674cf57bd4ef921df49f
sha256: 08e916cb9cace8ca62ed8d038a7ed343f218a4d6f008fb7e7b22999ed06e3497
ssdeep: 24576:9t43/2Xn/lwFR7l0t7JKJpzyNubZ2PbY4UlqGpsj0lmKrkpvQMX:cvO/yrl0t7QpzyNubZ2PeoPj0sKopIMX
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [60]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin cc122c63dae96780ccf49877e66b53b1
oleObject1.bin.1301694: string.This program cannot be run in DOS mode
oleObject1.bin.1341422: string.LoadLibraryA
oleObject1.bin.2322720: string.GetModuleHandleA
oleObject1.bin.1365723: string.user32.dll
oleObject1.bin.1370503: string.KERNEL32
oleObject1.bin.2322170: string.ExitProcess
oleObject1.bin.dropped.file exe 2b156645604badaffbe035c8d1308fe6 / 1161616 bytes / @ 1301616


Dropped Files

oleObject1.bin at zip
md5: cc122c63dae96780ccf49877e66b53b1
sha1: b03a3ff6caf5d6f9c30f244a51412b03bf2829fe
sha256: 812d6a028076961495db4240044c81c2ba573ec6fbe7621e540f7140b22e2c25

exe at 1301616
md5: 2b156645604badaffbe035c8d1308fe6
sha1: 246b31e1884aa4fd88ba52497c0013fa6f6d3478
sha256: 444b44a62c284acc5418b17f70dcc515637cb822121de4b778a146366828c2ee
imphash: bcd0caccabea21e1c22d623393ea36db