Cryptam // document analysis


Sample Details

original filename: c471871.xls

size: 286720 bytes
submitted: 2019-09-19 18:00:47
md5: 5892d0e25a0e79a308e5239a2deae1d7
sha1: 326fa3a5ff1c76c7d6e3578bbfc6d8a345c77e54
sha256: 9ca5c2ca6da42cf24399ed4f0c1fcf8670fe03a8dbf12e1cebac4150830fc69d
ssdeep: 6144:agANS3auBt1aTSOk3hOdsylKlgryzc4bNhZF+E+W/gExjQakJ4iy1bcL5N:vAs3Zt1aTKjQXGi7
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 1.44 s
result: malware [64]
embedded executable: found

signature hits:

278800: suspicious.office Visual Basic macro
1488: suspicious.office Packager ClassID used by CVE-2014-6352 C
12903: string.This program cannot be run in DOS mode
23411: string.GetModuleHandleA
23447: string.CloseHandle
22927: string.RegOpenKeyExA
23591: string.KERNEL32
23163: string.CreateWindowExA
dropped.file exe 1ec05f7a63bbb88eb31b6ea23988cff6 / 77824 bytes / @ 12825
dropped.file exe 4feb44f76fef0ee9d13d78e06350f214 / 196071 bytes / @ 90649


Dropped Files

exe at 12825
md5: 1ec05f7a63bbb88eb31b6ea23988cff6
sha1: ee22a86d915fb95e361cca3f4106757050e21770
sha256: 4bf7ea981b3e13b9aaae77a3588c466dce8ca5e3c93297eccac8cb5144ef17c8

exe at 90649
md5: 4feb44f76fef0ee9d13d78e06350f214
sha1: 457a4d0d41ffadb4c7d46bde660ab5994b7cc7e4
sha256: 8c05b5c7f3fd4389a3f996fd309730fc0c28a66cd5aaf41f01c03e9f1a5b8ad1