Cryptam // document analysis


Sample Details

original filename: 9d7295110bf93ce13b422e49b557b943d39bcc71

size: 83456 bytes
submitted: 2018-04-12 07:36:05
md5: 20874abe3b85a4003bdb7c6d31fccb1c
sha1: 2b0155f638d464fab80d51a49803fea5f64c8457
sha256: a884adca81ab17580bbcf6d47525757fe8a4c309aa24fa2b72506fd8e7e9ac37
ssdeep: 1536:nuuusuNs9PTr6FaSkLu6pAJqc8l6Nc7yRzs1H75wkZUiEfClsCq6NqTBun5oYd4t:i8l6Nc7yRzs1H75wkZUgsCq6NqTBun5M
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 6.19 s
result: malware [72]
embedded executable: found

signature hits:

40686: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
41270: exploit.office embedded Visual Basic execute shell command Wscript.Shell
47779: exploit.office embedded Visual Basic accessing file OpenTextFile
74962: suspicious.office Visual Basic macro
37976: string.vbs On Error Resume Next
dropped.file vbs 52ba7fd15c5e7de33051e3a483e4be0b / 20131 bytes / @ 44384
dropped.file vbs c3a0453859d77dbb72ca0b2e74a23bae / 18941 bytes / @ 64515


Dropped Files

vbs at 44384
md5: 52ba7fd15c5e7de33051e3a483e4be0b
sha1: f59151184410e50d4f2237049ba898e65926680b
sha256: 5d2fe00d854adf1f37662fe95c4e1c446b9a7bf4de6506bdf72661e908c8e68c

vbs at 64515
md5: c3a0453859d77dbb72ca0b2e74a23bae
sha1: 9ffc07424242be5fe77d055c0e8ab484c7e4a223
sha256: 4aa4907f010093571ed0fc62bea44568956a9a598b4572df51c0ff5f4097b144