Cryptam // document analysis


Sample Details

original filename: fc77241807846604ed90f68ae6fe09ba

size: 1301924 bytes
submitted: 2017-03-15 19:32:02
md5: fc77241807846604ed90f68ae6fe09ba
sha1: 67dbf599582e792056213a046e342b2c48ccf82f
sha256: 13b75ea28f08315ee1a29bf983ed782f04ab67fe3538cef3f7efb6c334ca6bcb
ssdeep: 24576:oQou4+YNbqu78taxwFjZZUSMAi335TEEh:h39YNGu7jYPd235l
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [77]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 3a8beec93e89af0859b3d7b6556b56e0
vbaProject.bin.11602: suspicious.office Visual Basic macro
embedded.file oleObject1.bin 8afcce1dab780390aabf1ac1e33843d7
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.9929: string.This program cannot be run in DOS mode
oleObject1.bin.91461: string.GetSystemMetrics
oleObject1.bin.90683: string.GetProcAddress
oleObject1.bin.89997: string.CloseHandle
oleObject1.bin.90125: string.CreateFileA
oleObject1.bin.91289: string.KERNEL32
oleObject1.bin.90639: string.ExitProcess
oleObject1.bin.dropped.file exe 6a60ad323552082bfee949c2d9364fd7 / 952709 bytes / @ 9851
embedded.file sheet1.xml db6563828f66114bcb295b1d24af21ed
sheet1.xml.1109: suspicious.office OOXML Class used by CVE-2014-6352 D
embedded.file image2.ico d098f4484e11bda25080b3e9dc6fa654


Yara Tags

office_vb_dropper
winrar_sfx

Dropped Files

vbaProject.bin at zip
md5: 3a8beec93e89af0859b3d7b6556b56e0
sha1: 62bd4ed96e527d4cd53d3cc1befe06d380e211db
sha256: 4a3d05e749bcf085e066622b5bbbb40c5f319485d9d7a6a04242b9cffa25f236

oleObject1.bin at zip
md5: 8afcce1dab780390aabf1ac1e33843d7
sha1: bfae9cacccdc13d067e320d509474e984f3902a1
sha256: 6c8135ea4fd15e99bd4c5a155f34196d171606365cfcffd09c69cf90d529dc4d

exe at 9851
md5: 6a60ad323552082bfee949c2d9364fd7
sha1: c5a56e9a554a005e5b412e59d2300889cd834ae8
sha256: 15758f44a80879e2b6c36b6e1ddd676a41f36b68797c0f20e07d2d5c58f4ff68
imphash: 3c98c11017e670673be70ad841ea9c37

sheet1.xml at zip
md5: db6563828f66114bcb295b1d24af21ed
sha1: 74725d6e3ac2bc57af9645b20fd739c68e3c64e3
sha256: ba8cb8a33509343db5c0691c91becafbd340380ad5e69c16561482c6e25b6022

image2.ico at zip
md5: d098f4484e11bda25080b3e9dc6fa654
sha1: 2ce750eb0f84a42349580bad7fc42592f7e2d3e5
sha256: b90c522e61e098cd2edc0c0bda092d1bd046969bd3b181a1382fd08f0f7a4207
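The signature hits and the "exe at 9851" entry above come from the same basic triage: unzip the OOXML container, hash each part, and look inside the OLE parts for a DOS stub / MZ header whose e_lfanew really points at a "PE\0\0" signature, then carve from that offset. The script below is an added example of that procedure and is not Cryptam's code; it runs on a constructed in-memory workbook (not the fc772418... sample), so the part names, the fake PE layout and the offset 404 are assumptions of the example. It does not compute the report's imphash, which needs a full import-table parse (pefile) rather than the string match used here.

```python
"""Triage an OOXML file for embedded executables, report-style.

Added example: enumerate zip parts, hash them, flag VBA/OLE parts, locate
embedded PE images by MZ -> e_lfanew -> 'PE\\0\\0' and carve at that offset.
"""
import hashlib
import io
import re
import struct
import zipfile

DOS_STUB = b"This program cannot be run in DOS mode"
OLECF_MAGIC = b"\xd0\xcf\x11\xe0"


def build_sample():
    """Constructed sample workbook (assumption, not the real file): an OOXML zip
    whose oleObject1.bin carries a minimal PE-like blob at offset 404."""
    pe = bytearray(b"MZ" + b"\x00" * 0x3a)            # e_magic, padded to e_lfanew at 0x3c
    pe += struct.pack("<I", 0x80)                       # e_lfanew: NT headers at 0x80
    pe += b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd!\xb8\x01L\xcd!" + DOS_STUB + b".\r\r\n$"
    pe += b"\x00" * (0x80 - len(pe))
    pe += b"PE\x00\x00" + b"\x00" * 20                  # signature + zeroed file header
    pe += b"KERNEL32.dll\x00GetProcAddress\x00ExitProcess\x00CreateFileA\x00"
    ole = OLECF_MAGIC + b"\x00" * 400 + bytes(pe)       # OLE CF magic + filler, PE at 404
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/vbaProject.bin", OLECF_MAGIC + b"Attribute VB_Name = \"Module1\"")
        z.writestr("xl/embeddings/oleObject1.bin", ole)
        z.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
    return buf.getvalue()


def find_pe_offsets(data):
    """Offsets of plausible PE images: an 'MZ' whose e_lfanew (u32 at +0x3c)
    points at a 'PE\\0\\0' signature inside the buffer. The check on e_lfanew
    weeds out the random 'MZ' byte pairs any binary blob contains."""
    hits = []
    for m in re.finditer(b"MZ", data):
        off = m.start()
        if off + 0x40 > len(data):
            continue
        e_lfanew = struct.unpack_from("<I", data, off + 0x3c)[0]
        sig = off + e_lfanew
        if 0x40 <= e_lfanew < 0x1000 and data[sig:sig + 4] == b"PE\x00\x00":
            hits.append(off)
    return hits


def carve(data, off):
    """Carve from the MZ header to the end of the container. Without walking the
    section table the true image size is unknown, so this is the same
    'exe at <offset>' blob a report hashes, trailing bytes included."""
    return data[off:]


def triage(doc_bytes):
    """Return {'parts': {name: {...}}, 'embedded_pe': [...]} for an OOXML zip."""
    report = {"parts": {}, "embedded_pe": []}
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
        for name in z.namelist():
            blob = z.read(name)
            entry = {"size": len(blob), "md5": hashlib.md5(blob).hexdigest(), "flags": []}
            if blob.startswith(OLECF_MAGIC):
                entry["flags"].append("olecf")
            if name.lower().endswith("vbaproject.bin"):
                entry["flags"].append("vba_macro")      # a vbaProject.bin part means a macro project
            if DOS_STUB in blob:
                entry["flags"].append("dos_stub_string")
            for off in find_pe_offsets(blob):
                exe = carve(blob, off)
                report["embedded_pe"].append({
                    "part": name,
                    "offset": off,
                    "size": len(exe),
                    "md5": hashlib.md5(exe).hexdigest(),
                    "sha256": hashlib.sha256(exe).hexdigest(),
                    "imports_kernel32": b"KERNEL32" in exe.upper(),
                })
            report["parts"][name] = entry
    return report


if __name__ == "__main__":
    r = triage(build_sample())
    for name, e in r["parts"].items():
        print(f"{name}: {e['size']} bytes md5={e['md5']} {e['flags']}")
    for pe in r["embedded_pe"]:
        print(f"embedded PE in {pe['part']} @ {pe['offset']} size={pe['size']} md5={pe['md5']}")
```

On a real sample, hand `open(path, "rb").read()` to `triage()`; the carved blob's hash is what you would pivot on, and the `offset` field corresponds to the report's "@ 9851". A PE whose e_lfanew check fails but whose part still carries the DOS stub string is worth a manual look: packers and SFX stubs sometimes sit behind a second container layer.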