Cryptam // document analysis


Sample Details

original filename: VDVILEXD.docm

size: 75002 bytes
submitted: 2017-05-14 18:12:02
md5: 31f32f4fa5a8b2fcc7e878d148b7b655
sha1: 313bda93207756dc02504c4903606bf55353d0f7
sha256: 957a81ee0299715f4fb2916dd326d3369036226be38a02c5b8653aa1224458ec
ssdeep: 1536:iquWOiNt1oCfjoemr/3lypPpHSNZetooifW09lXhbPyn73BS:9uWZqeHmj3lypVSNZetookW0fg1S
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [52]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin fbcc65ee5b6a5762b50cd7d1197430d0
vbaProject.bin.31766: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.41451: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.35600: suspicious.office Visual Basic macro
vbaProject.bin.24896: string.vbs impersonationLevel


Dropped Files

vbaProject.bin at zip
md5: fbcc65ee5b6a5762b50cd7d1197430d0
sha1: 8e647c660f4b3a1db5fa239b35cf630a6b69c933
sha256: b37cd11b9eaac9b06a05556ad780de2feed53a8bb02ab94c3c7e1e22c28f569b