Cryptam // document analysis


Sample Details

original filename: 774d587b2d8be8628550a6a05b1500a8

size: 1135104 bytes
submitted: 2018-04-12 07:34:01
md5: 774d587b2d8be8628550a6a05b1500a8
sha1: 85bd3e9c4b34fcb9aed95be8573a2f3e1f18f95b
sha256: 669d1659e61b6feeba3b681a3bbf3aef608baca5d49859099dbe5213be09e8af
ssdeep: 24576:5ARTcdP59nVp9gi0sI7zZZoQ/GSmLTTlvDtyMhgkEE/A5+cvuDH:uBwR9nVpbIpZogeLTTlvIN
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.82 s
result: malware [72]
embedded executable: found

signature hits:

1022197: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
1022781: exploit.office embedded Visual Basic execute shell command Wscript.Shell
1029274: exploit.office embedded Visual Basic accessing file OpenTextFile
1063668: suspicious.office Visual Basic macro
1019487: string.vbs On Error Resume Next
dropped.file vbs 80a614cb1d652bc2bce1ece8fe347fed / 20000 bytes / @ 1025887
dropped.file vbs 0ff0a3f50f4f08c7687d07d6fc71d134 / 89217 bytes / @ 1045887


Dropped Files

vbs at 1025887
md5: 80a614cb1d652bc2bce1ece8fe347fed
sha1: 15b462a5ef5024c2a732977a4c44fda53c0f68fc
sha256: 2a1a625549f5c2b6a7c10d51529707c52a3fa87152a842e08e8ae4c95a372089

vbs at 1045887
md5: 0ff0a3f50f4f08c7687d07d6fc71d134
sha1: 744a81f234bf81027683399c01a87b987e7962f2
sha256: b28c7cc09d5963f68b3d3764504070690e28a8c6ac887270e7f05fb0c96172c3