Cryptam // document analysis


Sample Details

original filename: /Resources/Planning-Documents/Documents/2015%20ESG%20CR65.docx

size: 4204214 bytes
submitted: 2017-09-09 06:37:08
md5: 03f8db1745449b94e6fc485b8dfebaf0
sha1: 42682aa2ed5dc18aca900ae2ad63443f19a33346
sha256: 47e0f0e8ec15ab2a4ecc380198c4f35b7f9fb24cb4e2a7288724900d88327110
ssdeep: 98304:prB9+yFQjbXex1EMXDDrckpUCZ2sTPh+qMtz5gUK:pF9+yFQPSjHrcbbE+b95gUK
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [32]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file Microsoft_Excel_Macro-Enabled_Worksheet1.xlsm 87d7e860b82af413247b652570fb51fa
Microsoft_Excel_Macro-Enabled_Worksheet1.xlsm.embedded.file vbaProject.bin 80148c865ad3a225bcfa042835dcade1
Microsoft_Excel_Macro-Enabled_Worksheet1.xlsm.vbaProject.bin.17398: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
Microsoft_Excel_Macro-Enabled_Worksheet1.xlsm.vbaProject.bin.147170: suspicious.office Visual Basic macro
Microsoft_Excel_Macro-Enabled_Worksheet1.xlsm.vbaProject.bin.88494: string.vbs On Error Resume Next


Strings

raw strings

Dropped Files

Microsoft_Excel_Macro-Enabled_Worksheet1.xlsm at zip
md5: 87d7e860b82af413247b652570fb51fa
sha1: b76eb0b8455144d73169f0ff1d7453a3e99051a5
sha256: d6dbe35e5b3c4b4d65f0e5b0a9e283b1e185e782fcf8165cba74f8d01532bc82
view strings

vbaProject.bin at zip
md5: 80148c865ad3a225bcfa042835dcade1
sha1: c1e7cffd0b54afc2351be0a5b494b3192640e923
sha256: aba6e074661268f730594f651ca06116eef803ebedc19c48bd17f7b4650c8af2
view strings