Cryptam // document analysis


Sample Details

original filename: 8416ee9f00d3f6d07d7acdfd1ac3ade8

size: 101376 bytes
submitted: 2017-10-07 18:54:10
md5: 8416ee9f00d3f6d07d7acdfd1ac3ade8
sha1: 01157e4f35c1d6d8e6e667bf5bff27a5ac334c32
sha256: f83818c6d5a7c15e7c5948d3385dadfd3a4d5b71c31ebf334f8a8f5bf67249e1
ssdeep: 1536:hrrrrA311KipEQWVbrz2wOX7ITkR62l9M88S3JtXwR/M2M/Mb/G:CLWVbrzH27ITk9cjGJtXwu5kbG
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 14.79 s
result: malware [72]
embedded executable: found

signature hits:

47571: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
48155: exploit.office embedded Visual Basic execute shell command Wscript.Shell
54648: exploit.office embedded Visual Basic accessing file OpenTextFile
88820: suspicious.office Visual Basic macro
44861: string.vbs On Error Resume Next
dropped.file vbs 8e6a035008581f38209c83ca3b4676f0 / 20510 bytes / @ 51261
dropped.file vbs 99b48c7a0c29f17c342f4480075c2ff0 / 29605 bytes / @ 71771


Dropped Files

vbs at 51261
md5: 8e6a035008581f38209c83ca3b4676f0
sha1: 1186def4e32cffe58d0980059f433b2806214678
sha256: 33060bcba67d06b399c58b56f5154566fa822b26a4dd295b8d80461715d3a5d3

vbs at 71771
md5: 99b48c7a0c29f17c342f4480075c2ff0
sha1: 6367dc3cbdf66322fd5c0d512467b0883eba1a2b
sha256: 63c5f74835fb983042f4b90895eb710c2ecd79a5c54e81e59b7f4408c7643a53