Cryptam // document analysis


Sample Details

original filename: fb868ed69cb2cc7107ea49e897322cec

size: 122880 bytes
submitted: 2017-10-07 19:02:18
md5: fb868ed69cb2cc7107ea49e897322cec
sha1: 3bc12e00d55a917f2c68afcd90159a7bc7c576c8
sha256: f3892e349c57ddc828953613fbe3169c56d1e7003f74664065a0e8ce220e4719
ssdeep: 1536:cKKKK+5h5QPwo2Z8Q7Kbg38kPZ95RM5eK0c3WVbrzQh5A4ITkR62lIF88ScJtXw7:ZRKbWVbrzQh5/ITk9CjhJtXwT5k9e
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 28.08 s
result: malware [72]
embedded executable: found

signature hits:

68419: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
69003: exploit.office embedded Visual Basic execute shell command Wscript.Shell
75496: exploit.office embedded Visual Basic accessing file OpenTextFile
109300: suspicious.office Visual Basic macro
65197: string.vbs On Error Resume Next
dropped.file vbs ea0c27817cee62bf970c45c52ab2a0e6 / 19998 bytes / @ 72109
dropped.file vbs 6f242a2b68b45e9461d355cbc3e333ec / 30773 bytes / @ 92107


Dropped Files

vbs at 72109
md5: ea0c27817cee62bf970c45c52ab2a0e6
sha1: f7ef9a84eda3df07b921368ce2b4a3f7b78dc7d1
sha256: dbe09e3589d90c5778007850f52ffc29d1650d45ff65fd71f3c9348a7500f537

vbs at 92107
md5: 6f242a2b68b45e9461d355cbc3e333ec
sha1: f0b72b6ea3a18934ab91d6f12ba4f07d311c6eaf
sha256: c5ac84d0103bbcc639f74e494192148dd3a5eed45d6d6e3d0aed2bec1af21c1f