Cryptam // document analysis


Sample Details

original filename: 5cab11c207d45c966ce05e7587d23603.virus

size: 118784 bytes
submitted: 2017-07-12 17:43:25
md5: 5cab11c207d45c966ce05e7587d23603
sha1: 12327e5d063953f622f3fab42174c60516f96c86
sha256: d053a2f9bc7f3c0c28939bcdf2226f473b91f7500ed39903ce83f9927d63751d
ssdeep: 1536:/T9QQQyztkSQQJsV8LbsPA5vPczH1e6cdqft1v6sealMi+tWVbrzQ7uVTkR62gEq:c1BqWVbrzQ7UTk9JxX1qCbjv42ml
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.53 s
result: malware [72]
embedded executable: found

signature hits:

63760: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
64344: exploit.office embedded Visual Basic execute shell command Wscript.Shell
70837: exploit.office embedded Visual Basic accessing file OpenTextFile
105716: suspicious.office Visual Basic macro
60538: string.vbs On Error Resume Next
dropped.file vbs 05aa6bbafc719995f1fafa6278054859 / 51334 bytes / @ 67450


Dropped Files

vbs at 67450
md5: 05aa6bbafc719995f1fafa6278054859
sha1: 97d7ce804bf50aaf89401957b5d5d84236aa761b
sha256: 1ef42ffdc79efb91fd2ab67b38ffcaa3229d5771940957767cef45acb1708523