Cryptam // document analysis


Sample Details

original filename: 57e0e36220222652db4eed7d1c3e3db4

size: 131072 bytes
submitted: 2017-10-07 19:35:08
md5: 57e0e36220222652db4eed7d1c3e3db4
sha1: cd45cb95da94ec21e4674c08f73e94604a163d6d
sha256: d75e1227add280392727fe72009dc90d9cfecd5bbde83741682bedb6353cd3a1
ssdeep: 1536:WIIIID18yk78JD0NHoN5BciN9SGQRICqzsf/6H/DR1C/Q5zO42jcc0lbxOvTgZPZ:7/gA/+2jcc0lbxOrnjhJtXwo2tz
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 12.47 s
result: malware [72]
embedded executable: found

signature hits:

82774: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
83358: exploit.office embedded Visual Basic execute shell command Wscript.Shell
89851: exploit.office embedded Visual Basic accessing file OpenTextFile
119506: suspicious.office Visual Basic macro
80064: string.vbs On Error Resume Next
dropped.file vbs ea0c27817cee62bf970c45c52ab2a0e6 / 19998 bytes / @ 86464
dropped.file vbs c03f5b8cad5a9ee88321f6c519f31c89 / 24610 bytes / @ 106462


Dropped Files

vbs at 86464
md5: ea0c27817cee62bf970c45c52ab2a0e6
sha1: f7ef9a84eda3df07b921368ce2b4a3f7b78dc7d1
sha256: dbe09e3589d90c5778007850f52ffc29d1650d45ff65fd71f3c9348a7500f537

vbs at 106462
md5: c03f5b8cad5a9ee88321f6c519f31c89
sha1: d9be0821f0b2795e2c22bb312a377139b1bec6b9
sha256: 60b421f8f757fda6f5609dff24df85c019bb6477b3f3062910149a42fa076510