Cryptam // document analysis


Sample Details

original filename: IBVE9JRP.docm

size: 73284 bytes
submitted: 2017-05-14 19:22:01
md5: 93460e1be7cd7f301e70939e62452a87
sha1: 782b6e56008cd5afb66721241083f8b2030ed0dc
sha256: 1980392f8268d1c09925ca0798dea370b244d24aaf8f448569ce207e609da42b
ssdeep: 1536:iCI3VyJDxHiNsMYY9joemr/3lypPpHSNZetooifW09lE1r7WQ:MQ/iNTxHmj3lypVSNZetookW0Yrv
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [52]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 1ec87538ec7c7e8ff5881df7c7e7c671
vbaProject.bin.7538: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.38184: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.32528: suspicious.office Visual Basic macro
vbaProject.bin.28536: string.vbs impersonationLevel


Strings

raw strings

Dropped Files

vbaProject.bin at zip
md5: 1ec87538ec7c7e8ff5881df7c7e7c671
sha1: 574916d69676a3afdbfaa619b36bd1283a010908
sha256: 69c91accc0e19f7de82f7cf4fdf1e268dadec945ae5726b67e2e2a92fde450a9
view strings