Cryptam // document analysis


Sample Details

original filename: Copia de Formato_Solicitud_Cuentas_de_Usuario.xlsm

size: 1902490 bytes
submitted: 2019-07-16 15:50:19
md5: aa6d0a82e8e8706971731d7a35298f48
sha1: e358077980557b89cca4db21ecad9818342c6423
sha256: 05ec980635b33b5cca2cb5a884ff35a1b3b70b428d30872641d62c0c89722190
ssdeep: 49152:KUGu75vMWhFSlC6HhNSufa9luNxq2rFGVclnyO+pz3ik:KDA5UW/Sl3Wp2q2IVkn8
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [18]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file activeX1.xml f206cb1410db3b11e9ffbb3d3025eef2
activeX1.xml.56: suspicious.office activeX
embedded.file activeX9.xml dbd1871942a02ba0b33767f96360b35d
activeX9.xml.56: suspicious.office activeX
embedded.file sharedStrings.xml 20626b8cad9d1943fa9a7a6734d174fa
sharedStrings.xml.125726: suspicious.office DDE Excel execution
embedded.file vbaProject.bin 9f24c2676b11d0d487b0e121e3acbd53
vbaProject.bin.230102: suspicious.office Visual Basic macro
vbaProject.bin.157111: string.vbs On Error Resume Next


Dropped Files

activeX1.xml at zip
md5: f206cb1410db3b11e9ffbb3d3025eef2
sha1: b564e89d4b3e1142fe9a9789d5ed4e1bf8fb45d4
sha256: 6d748d142a117bccd48336975ba6f37e9107ab725a223d02a1e6c1823d786574

activeX9.xml at zip
md5: dbd1871942a02ba0b33767f96360b35d
sha1: 3b36b9b9e05a4790d331c193beff9da25c1236fe
sha256: fe0d8c2f6568db9e45de4a85f636b30c14e9218f2921b65926e950e1b0a0a8c7

sharedStrings.xml at zip
md5: 20626b8cad9d1943fa9a7a6734d174fa
sha1: b5145d7d0d3d28813c32988abe51864c477b5ea6
sha256: 1727e08a68b65eb0f3d39740fd50c13044d7311390edb174c2bc6a24ae70949c

vbaProject.bin at zip
md5: 9f24c2676b11d0d487b0e121e3acbd53
sha1: da9a4ef348ebeaf1515d0fac6a8a74fe395a104c
sha256: 3f9f76d27168a075111bb3c600517963da424a8a204912b294399f91dfd27def