Cryptam // document analysis


Sample Details

original filename: ChecklistMacro.xlsm

size: 291209 bytes
submitted: 2017-04-16 05:32:01
md5: b60dd8bb405d766c3194c3a77fc5a222
sha1: 8c0d929aa5e01d18b622cdcb544c627649679478
sha256: b3ee2d101d50f7e4312aeb303437a55a01ad39cc28aee1fb668ec370fc6aedd0
ssdeep: 6144:bpzpz10/1/SWYWrEbXMXpA7nPN5BUQZ6a2kHNc3eCck:xpu/SWYWrEb8XpA7PNzU1a2kHAeCck
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [62]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 2fee1cc0d9052a862e42fe1535e4cea3
vbaProject.bin.483607: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.483743: exploit.office embedded Visual Basic execute shell command Wscript.Shell
vbaProject.bin.332439: suspicious.office Visual Basic macro
vbaProject.bin.132348: string.URLDownloadToFileA
vbaProject.bin.260379: string.vbs On Error Resume Next


Yara Tags

office_vb_dropper

Dropped Files

vbaProject.bin at zip
md5: 2fee1cc0d9052a862e42fe1535e4cea3
sha1: 2bbcd1942242cb81239a2ddf1349d9867844aae0
sha256: 9041ddf0dd8c007a2c5b493d021775594c4b4448e49cd74e45109529ef44ea5e