Cryptam // document analysis


Sample Details

original filename: 270608d9eabe80dbb51887893e46ba14

size: 86528 bytes
submitted: 2017-10-07 18:58:11
md5: 270608d9eabe80dbb51887893e46ba14
sha1: f7bb3d18eb32cdba8f7370b61fea2724624538ab
sha256: 871e44902e1ed952fc49d396201f6ff13f6871303f3e176a9c880e306c598713
ssdeep: 1536:ALa32bjSty68D2SBYhCl2j5Rl6Nc7yRzs1H75wkZUiEfClsQ6NqTBun5oWLhz2jb:lfl6Nc7yRzs1H75wkZUgsQ6NqTBun5oJ
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 13.78 s
result: malware [72]
embedded executable: found

signature hits:

40331: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
40915: exploit.office embedded Visual Basic execute shell command Wscript.Shell
47408: exploit.office embedded Visual Basic accessing file OpenTextFile
76510: suspicious.office Visual Basic macro
37621: string.vbs On Error Resume Next
dropped.file vbs 8cc2bb7d3ef025713b78ad1b5c8afa03 / 19998 bytes / @ 44021
dropped.file vbs c7b3097f953a77728585400a6628d4ac / 22509 bytes / @ 64019


Dropped Files

vbs at 44021
md5: 8cc2bb7d3ef025713b78ad1b5c8afa03
sha1: 1a9b621570bb69783dc44426e1f320b825b2bed3
sha256: 8ac61f4a6d3b1325f2ccfaf06131bee9cb5932d5a3d86192b95751a6404c0c43

vbs at 64019
md5: c7b3097f953a77728585400a6628d4ac
sha1: f163404fa70ab6ce409f738ba6ee5f19aac87dc1
sha256: 57737dc7dc52fc678aa21f1edbe5a3d3f82885d2f7b2a43106d73f764f415a2b