Cryptam // document analysis


Sample Details

original filename: Client_Information_and_payment_Copy.docx

size: 301320 bytes
submitted: 2017-06-14 06:38:53
md5: 96e2158dc8696d0a64bc8fe4005aa429
sha1: 8cdc9b4e625d816e88c0d411eaaef22e832be74b
sha256: eb468e62626fc766c21a1ea74fe1f8b759c0a319e376c8d1558a55d4b40bd904
ssdeep: 6144:4TS4HtXeGKbtDx80Qv1VXEZ9FB9dnYSKxqqdh4XCDll:UeGIt98zD0ZXB0hqs4XCz
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [12]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin 5b693b80d0a50914d11d396d6fdb75af
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.4349: string.This program cannot be run in DOS mode
oleObject1.bin.dropped.file exe 98872a1cd163e94fb676fb001e501107 / 119292 bytes / @ 4271
oleObject1.bin.dropped.file exe 1ae0f0f72863d29e4fe18e17f82b524e / 84309 bytes / @ 123563


Dropped Files

oleObject1.bin at zip
md5: 5b693b80d0a50914d11d396d6fdb75af
sha1: 04b195a339a049b35dafa39c9e51b9f18c35d85d
sha256: 5b141ecb71f81c2aed4339a4851befec0536d2ee4eae1c1abe957476d2a3661c

exe at 4271
md5: 98872a1cd163e94fb676fb001e501107
sha1: 816a868680702641b58ee6b661e11229dde4bf6b
sha256: 2b55e6c9638694616485545c6c257c04f695ba03e10d4359026a803e4e34137a

exe at 123563
md5: 1ae0f0f72863d29e4fe18e17f82b524e
sha1: dd4ab2cbc6c9f53aa21a89da5b1d16bb2264502f
sha256: 2001fa1a3eb8e05a3e6d9c1d07ababa7fe52d2f2930ffa17002cdf59b5b462b6
imphash: dae02f32a21e03ce65412f6e56942daa