Cryptam // document analysis


Sample Details

original filename: payment details.xlsm

size: 852845 bytes
submitted: 2017-03-16 00:53:02
md5: dfcd4d37983d90c23b338a0425dc20fb
sha1: 8477af43cc45ce61f0a6f7f5d86860284260dfab
sha256: b68672af56ddfc5b3a2270d30284a974c1cfec3275bbbd543c8f5fcc36fd0cdc
ssdeep: 12288:pI2c0G1BXsEnlPnJ3sPze5PpEJbM+ss9QmhtSrN6qqc7Be4G72BWA93SIPVE1j:Le1lDPnJ2eMdpssXtw0qqclx3dmJ
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [76]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 3b4ec3077e533625df7365fabfd8a898
vbaProject.bin.11602: suspicious.office Visual Basic macro
embedded.file oleObject1.bin 559b1ff54ff746bee2fed54b8344631b
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.9441: string.This program cannot be run in DOS mode
oleObject1.bin.90973: string.GetSystemMetrics
oleObject1.bin.90195: string.GetProcAddress
oleObject1.bin.89509: string.CloseHandle
oleObject1.bin.89637: string.CreateFileA
oleObject1.bin.90801: string.KERNEL32
oleObject1.bin.90151: string.ExitProcess
oleObject1.bin.dropped.file exe e1a26b5259343176bae93e3519efec2f / 874349 bytes / @ 9363
embedded.file sheet1.xml 3d6d89a184c32790fe6cb913c73b873b
sheet1.xml.1059: suspicious.office OOXML Class used by CVE-2014-6352 D


Yara Tags

office_vb_dropper
winrar_sfx

Dropped Files

vbaProject.bin at zip
md5: 3b4ec3077e533625df7365fabfd8a898
sha1: bc182eaa89a8d64328d85d4f0cb5019df5de0090
sha256: bb141a8b1473b17475100df3d0c2385a57bfe7e32150d893cf79a461b348cd40

oleObject1.bin at zip
md5: 559b1ff54ff746bee2fed54b8344631b
sha1: 9d12cd656186e4d0c971984a78b52a7cee185d8c
sha256: 182d3ea38e45c35f22cb7bf09f4dd5fbae419ece94f370f317dfc6e757f81e77

exe at 9363
md5: e1a26b5259343176bae93e3519efec2f
sha1: 757cb0975c7f3c78e8fd02b841d29d44e5a1d641
sha256: 6b21a2d1be207a9bc98de094c5e08ec0d2c56c324b082699b6ea4a9ff67ef6da
imphash: 3c98c11017e670673be70ad841ea9c37

sheet1.xml at zip
md5: 3d6d89a184c32790fe6cb913c73b873b
sha1: 226a3cb247c41f12ae7971451290c1e3308833cd
sha256: 4bd5c0ac99d4cda5ea854d358539e81befd27a46ba0deaca60a4e7f663ca3f6e
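The signature hits above (the DOS-stub string inside oleObject1.bin and the dropped.file entry at offset 9363) and the hashes listed under Dropped Files are what a carver produces when it finds a PE image inside an OLE Packager stream. The script below is an added example, not Cryptam's code: it opens an OOXML package as a zip, flags any vbaProject.bin entry as a VBA macro container, scans every entry for an "MZ" header whose e_lfanew points at a valid "PE\0\0" signature, uses the section table to find where the image ends, and hashes the carved bytes. The sample .xlsm it analyses is constructed in memory from a minimal, non-executable PE stub (the function names, the fake OLE header padding and the payload bytes are all assumptions made for the example).

```python
"""Carve embedded PE executables out of an OOXML (.xlsm/.docx) package.

Added example, not Cryptam's code. The sample package and the PE stub it
contains are constructed inline so the script runs offline.
"""
import hashlib
import io
import struct
import zipfile

DOS_STUB = b"This program cannot be run in DOS mode"


def _pe_end_offset(data: bytes, mz: int):
    """Return the absolute end offset of the PE image whose 'MZ' sits at `mz`,
    or None if the bytes at `mz` are not a plausible PE header."""
    if data[mz:mz + 2] != b"MZ" or len(data) < mz + 0x40:
        return None
    e_lfanew = struct.unpack_from("<I", data, mz + 0x3C)[0]
    if e_lfanew > 0x1000 or data[mz + e_lfanew:mz + e_lfanew + 4] != b"PE\x00\x00":
        return None
    pe = mz + e_lfanew
    nsect = struct.unpack_from("<H", data, pe + 6)[0]          # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]      # COFF SizeOfOptionalHeader
    sect_rel = e_lfanew + 24 + opt_size                        # section table, relative to MZ
    end_rel = sect_rel + 40 * nsect                            # at least the headers
    for i in range(nsect):
        off = mz + sect_rel + 40 * i
        if off + 40 > len(data):
            return None
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)  # SizeOfRawData, PointerToRawData
        end_rel = max(end_rel, raw_ptr + raw_size)
    return min(mz + end_rel, len(data))


def carve_executables(data: bytes):
    """Return a list of (offset, carved_bytes) for every PE image in `data`."""
    found = []
    pos = data.find(b"MZ")
    while pos != -1:
        end = _pe_end_offset(data, pos)
        if end is None:
            pos = data.find(b"MZ", pos + 1)       # stray 'MZ' text, keep scanning
        else:
            found.append((pos, data[pos:end]))
            pos = data.find(b"MZ", end)
    return found


def analyze_ooxml(blob: bytes) -> dict:
    """Walk the zip entries of an Office 2007+ file and report macros and carved PEs."""
    report = {"macros": [], "dropped": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        for name in z.namelist():
            data = z.read(name)
            if name.lower().endswith("vbaproject.bin"):
                report["macros"].append(name)
            for off, exe in carve_executables(data):
                report["dropped"].append({
                    "container": name, "offset": off, "size": len(exe),
                    "dos_stub": DOS_STUB in exe,
                    "md5": hashlib.md5(exe).hexdigest(),
                    "sha256": hashlib.sha256(exe).hexdigest(),
                })
    return report


def build_fake_pe(payload: bytes) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 image with one section."""
    e_lfanew, opt_size = 0x40, 0xE0
    hdr_len = e_lfanew + 24 + opt_size + 40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    section = b".text\x00\x00\x00" + struct.pack("<IIII", len(payload), 0x1000, len(payload), hdr_len) + b"\x00" * 16
    return dos + b"PE\x00\x00" + coff + b"\x00" * opt_size + section + payload


def build_sample_xlsm() -> bytes:
    """Constructed .xlsm with a macro container and a PE hidden in an OLE object."""
    pe = build_fake_pe(DOS_STUB + b".\r\n" + b"\xCC" * 64)
    ole_stub = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1" + b"\x00" * 200   # fake OLE header padding
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/vbaProject.bin", ole_stub)
        z.writestr("xl/embeddings/oleObject1.bin", ole_stub + pe + b"\x00" * 16)
        z.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
    return buf.getvalue()


if __name__ == "__main__":
    for k, v in analyze_ooxml(build_sample_xlsm()).items():
        print(k, v)
```

The end-of-image calculation matters in practice: a Packager stream carries a trailer after the executable, so carving to end-of-stream would change the dropped file's size and hashes and break correlation with other sandboxes' reports. Validating e_lfanew and the "PE\0\0" signature keeps stray "MZ" byte pairs in XML or OLE metadata from being reported as executables.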