Cryptam // document analysis


Sample Details

original filename: 937c5e4ef8a79d821dec1d8552dc5f4a

size: 119808 bytes
submitted: 2018-02-08 23:20:01
md5: 937c5e4ef8a79d821dec1d8552dc5f4a
sha1: 6b7d42756e7cb371901d7018b6c8781c19a6fdc8
sha256: 98e79f728e5a38b0a969b2e2e024c503305d557e261cedba1d48e4c8d4bc6eb0
ssdeep: 1536:YPPP7XeP1Ny23WVbrzQ74NJKTkiD25Fv7/WwF1J3M2M/MEgcu:hWVbrzQ74uTkDTvj65kXcu
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.87 s
result: malware [72]
embedded executable: found

signature hits:

67262: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
67846: exploit.office embedded Visual Basic execute shell command Wscript.Shell
74355: exploit.office embedded Visual Basic accessing file OpenTextFile
108276: suspicious.office Visual Basic macro
64040: string.vbs On Error Resume Next
dropped.file vbs 6719378ff975e132de436a763dfe598d / 20131 bytes / @ 70960
dropped.file vbs 058c35129b3acd4d58ddaf7bd6b86b78 / 28717 bytes / @ 91091


Dropped Files

vbs at 70960
md5: 6719378ff975e132de436a763dfe598d
sha1: 35ecdf7f55667d03d2a0abbca4ab77fbce7c9173
sha256: d6950b15947d387abb0b9a7be9e83ca82923688d9ad9c1982dc9ebb65bd45cf9

vbs at 91091
md5: 058c35129b3acd4d58ddaf7bd6b86b78
sha1: fae39e1b85d35e9e4a24942c3c768678ee8dfd63
sha256: a5d3ac7dd16d0f5859eb818ce7f6ebdbef542393199b6ec0c382a6aafd927daf