Cryptam // document analysis

Sample Details

original filename: 8569d0a30f40ab4c02dfdd007b92852b.1

size: 922690 bytes
submitted: 2018-02-09 18:40:02
md5: 8569d0a30f40ab4c02dfdd007b92852b
sha1: 9d81e5ddbc2e6280c5e0d99ac2179db42d75de44
sha256: b4c061b2ed63fc4550f7a728288d9495712ae09614c07b041a9dd295867ee0bc
ssdeep: 12288:ZbwbSbZDWW9rAGpoiBSwboClqCMpDVUm7t6C:Z0+FKW9rA0BSwbobpRUm7t6C
content/type: data
analysis time: 65.89 s
result: malware [75]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file datastore-14 6d54020de5e555b5389b578f782cd2c5
datastore-14.embedded.file activeX37.xml 93d2b180df5ec8102767e9e19d2605d8
datastore-14.activeX37.xml.21: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-14.embedded.file activeX1.bin f7971aa425ee0c86bb9464ef5900533e
embedded.file datastore-129235 6d54020de5e555b5389b578f782cd2c5
datastore-129235.embedded.file activeX37.xml 93d2b180df5ec8102767e9e19d2605d8
datastore-129235.activeX37.xml.21: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-129235.embedded.file activeX1.bin f7971aa425ee0c86bb9464ef5900533e
embedded.file datastore-258456 a64c34b21bc3423dbb0e8d4d228bfcee
datastore-258456.embedded.file activeX37.xml 93d2b180df5ec8102767e9e19d2605d8
datastore-258456.activeX37.xml.21: exploit.office MSCOMCTL.OCX TabStrip CVE-2012-1856 classid
datastore-258456.embedded.file activeX1.bin f7971aa425ee0c86bb9464ef5900533e
415: obfuscation.office RTF embedded Word Document
435087: string.ExitProcess

Cryptanalysis

key length: 256 bytes
key:

entropy: 100.00%

Dropped Files

activeX37.xml at oxml
md5: 93d2b180df5ec8102767e9e19d2605d8
sha1: a4653e3b23480c14c3cfcd316d1d83481c135a0f
sha256: ab1a8144ffbd4f2403149e37ed31e49837ec9c8e792e1206035753fb976ddc3d

activeX1.bin at oxml
md5: f7971aa425ee0c86bb9464ef5900533e
sha1: 4bbc4f4ee3401c0776a0f7c76beb449ea0bdf273
sha256: a8faba39bebaf948e3aa88725a78fd8fb7bdf6d66c95481ef80e327de94bd050

datastore-258456 at rtf
md5: a64c34b21bc3423dbb0e8d4d228bfcee
sha1: 8d185fb1144b099889a13556c11c03afa3a86f42
sha256: ef30b2192e1913059236f0bd16ec8663c5eb02de792ba1e956c252e35f0e5ce3