Cryptam // document analysis


Sample Details

original filename: a04e3b8df0378efbddcdc643f144a4a3e2a8f634a2abeae2f64a398e3380eb00_DridexDDEDropperdoc.docx

size: 24452 bytes
submitted: 2018-12-17 02:27:29
md5: f38c13c32a66eb461bb2ed07b3a911b2
sha1: 563f872d2f7a9c8d1cedfccedf438deba1e5590a
sha256: a04e3b8df0378efbddcdc643f144a4a3e2a8f634a2abeae2f64a398e3380eb00
ssdeep: 384:u+LNPqmy/vF8LlSTvKuzbYITcN/1dJw+EE25LjujjT9xKbRgAVT5WYn135tIgd:u+NPq/mRSbKufYIoBRwXEAuj9xKKAVNH
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [12]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 83df9fd104d95730a0a2a7ed6c3336b3
vbaProject.bin.15454: suspicious.office Visual Basic macro
vbaProject.bin.3907: string.URLDownloadToFileA


Dropped Files

vbaProject.bin at zip
md5: 83df9fd104d95730a0a2a7ed6c3336b3
sha1: f6a6d485a3b415c485293b57f8a7eae9aa6be8d3
sha256: 85067b39ee576ef2e219b440c52bbabfd2d9203c429ec513b4cdf206e248891d