Cryptam // document analysis


Sample Details

original filename: Sua Tong DT 12-9.xls

size: 2655744 bytes
submitted: 2018-04-12 09:23:58
md5: 786adeae7d9dc269e0a44686bfea7056
sha1: 2992a7ada42f25db7284d1ea5baf3114932562d4
sha256: 5e582ad66d5dbdc1851d82c73b4344b776fef5c778ccf9cf54e454ee2d5e346f
ssdeep: 24576:vPx15vOkCD0q3YmHoh19EZTSXjXHjHgetdnH:v1OOQBHoyZcXHjHgIpH
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 29.28 s
result: malware [42]
embedded executable: found

signature hits:

2545236: exploit.office embedded Visual Basic execute shell command Wscript.Shell
2594526: suspicious.office Visual Basic macro
2607946: string.shell32.dll
2523581: string.vbs On Error Resume Next
dropped.file vbs a050ad2ebe88ed6c70fe173c2cc06dc2 / 420185 bytes / @ 2235559


Dropped Files

vbs at 2235559
md5: a050ad2ebe88ed6c70fe173c2cc06dc2
sha1: e56d7e068adfc9d6e4bd7c9b0d976e3eb1355b95
sha256: 72a851909b920ac67c27fc9881c0ee4a250951c006c3bfa2419201922e56a3c7