Cryptam // document analysis


Sample Details

original filename: 29824741eb9e14a8a38ec556832e2f9fc76928844fdeb11062097f08da2005df_Book.xls

size: 156160 bytes
submitted: 2018-11-29 19:41:04
md5: fff193eae10c56287ce050525da54dd5
sha1: ba74a3c05e5efe165e24fa7c2c6f185f33671142
sha256: 29824741eb9e14a8a38ec556832e2f9fc76928844fdeb11062097f08da2005df
ssdeep: 3072:IZl6Nc7yRzs1H75wkZUgsCq6NqTBun5orTNe2uavKh5ig4A6KctOYEK3gZF6eRjz:6l6Nc7yRzs1H75wkZUgsCq6NqTBun5oo
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.58 s
result: malware [92]
embedded executable: found

signature hits:

119650: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
120470: exploit.office embedded Visual Basic execute shell command Wscript.Shell
119690: exploit.office embedded Visual Basic accessing file OpenTextFile
139134: suspicious.office Visual Basic macro
119959: string.vbs impersonationLevel
119595: string.vbs On Error Resume Next
119636: string.vbs CreateObject

