Cryptam // document analysis


Sample Details

original filename: 1ff64301b0d6b3f51b1be853daa9f2dbee9852e92111b8ac18c23c545ed0f987_index.64.doc

size: 280731 bytes
submitted: 2018-06-03 01:00:36
md5: 77aff43d38f25dca91db345f3cd18bee
sha1: 1c306ceca5a59bb9533eddda9d995bb597ea4a14
sha256: 1ff64301b0d6b3f51b1be853daa9f2dbee9852e92111b8ac18c23c545ed0f987
ssdeep: 6144:DQf02LmB/m3a+VJ6LQJl6mZzh5AGCEKUp:DQf02LmMK+VmQnzh5AGCEKUp
content/type: Composite Document File V2 Document, Can't read SSAT
analysis time: 0.88 s
result: malware [50]
embedded executable: found

signature hits:

218801: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
219124: exploit.office embedded Visual Basic execute shell command Wscript.Shell
218787: string.vbs CreateObject

