Cryptam // document analysis


Sample Details

original filename: 5135dcd55fa90a0893599414cd5e945d

size: 1332224 bytes
submitted: 2018-02-08 21:02:01
md5: 5135dcd55fa90a0893599414cd5e945d
sha1: b73662342e9bec01f3bfc484bd927e7c1e50fa93
sha256: 11a106f4163424733c28c3a005a720917e58a27497ed8cb0b31156b5bd1b7525
ssdeep: 12288:HyvYWKk6tSiCVPq0F/Y0lwuaCA2xDJmE2xD3A1iWo4CLGYG/Obqm:Hy9fzymg4VdCpyQDhKXH
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.91 s
result: malware [72]
embedded executable: found

signature hits:

1279838: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
1280422: exploit.office embedded Visual Basic execute shell command Wscript.Shell
1286915: exploit.office embedded Visual Basic accessing file OpenTextFile
1318098: suspicious.office Visual Basic macro
1277128: string.vbs On Error Resume Next
dropped.file vbs f69b1f115979d7edf599e9960ae4a7ff / 19998 bytes / @ 1283528
dropped.file vbs 0c422d808a0073376d7ed7c7dacea6d4 / 28698 bytes / @ 1303526


Dropped Files

vbs at 1283528
md5: f69b1f115979d7edf599e9960ae4a7ff
sha1: d38f152d882b9394c2eefb0ac675147bd684b487
sha256: f5cb0ebd82a0dd335e543b1058d24ed082bcb7188ab1555aaf9c0c4f3a40927b

vbs at 1303526
md5: 0c422d808a0073376d7ed7c7dacea6d4
sha1: e28ac5f8c5b88ca11940eec5a54eb957478bd7c8
sha256: 3d136943c3b636d5d9d16aee7a779aee735848b73301f69efadf88f8cd6da449