Cryptam // document analysis


Sample Details

original filename: HTTPMacro.doc

size: 41984 bytes
submitted: 2019-06-19 08:34:56
md5: 7dee4fe8fbae1cfcbadd2d358c703c59
sha1: b9159a39c0ad10a7421baa030b08e8997d7b6f34
sha256: 5a03e0d1fcaa5ca4926e3c9938fabfe8764dd8d95039e1f722b9b55d9f81b85b
ssdeep: 384:Hh+5GnjItW1PLisQzssjba30juzMnbqKVr:HcG4MOb4f4bqKVr
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.43 s
result: malware [52]
embedded executable: found

signature hits:

33343: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
33311: exploit.office embedded Visual Basic execute shell command Wscript.Shell
37138: suspicious.office Visual Basic macro
33279: string.vbs On Error Resume Next


Strings

raw strings
decrypted raw strings