Cryptam // document analysis


Sample Details

original filename: 3a4d4f3497a758ff5ae1c28251d8ebe1da455de0720dd0e08fb38a3b985c5f11_Customer_Survey.doc

size: 141824 bytes
submitted: 2018-08-04 13:56:21
md5: 3a81ea9ef447cf2af2675ebbadb6fbf0
sha1: b54ed66013a4b8a3c89a8e3aea2f4e7345e0cde7
sha256: 3a4d4f3497a758ff5ae1c28251d8ebe1da455de0720dd0e08fb38a3b985c5f11
ssdeep: 3072:fszBPtxkM9FsKOo9mEAlauoMpCZdJHSEdC9o:SBPtxB9FsKt91l+pCZdJHSE09
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.75 s
result: malware [52]
embedded executable: found

signature hits:

123031: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
132026: exploit.office embedded Visual Basic accessing file OpenTextFile
128222: suspicious.office Visual Basic macro
115403: string.CreateProcessA

