Cryptam // document analysis


Sample Details

original filename: winrm.vbs

size: 204105 bytes
submitted: 2020-01-19 20:39:53
md5: 9d7684f978ebd77e6a3ea7ef1330b946
sha1: 3fa2d2963cbf47ffd5f7f5a9b4576f34ed42e552
sha256: 6c96e976dc47e0c99b77814e560e0dc63161c463c75fa15b7a7ca83c11720e82
ssdeep: 3072:A1yO1lQ014CTt1ns3wflGsZcfo0QA5PGpb8h0:A191lF1rflGsZcfu
content/type: Non-ISO extended-ASCII text, with CRLF line terminators
analysis time: 0.91 s
result: malware [90]
embedded executable: found

signature hits:

79972: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
73149: exploit.office embedded Visual Basic execute shell command Wscript.Shell
80869: exploit.office embedded Visual Basic accessing file OpenTextFile
74730: string.vbs On Error Resume Next
73127: string.vbs WScript
79958: string.vbs CreateObject


Strings

raw strings
decrypted raw strings