Cryptam // document analysis


Sample Details

original filename: Samp(7).docx

size: 310389 bytes
submitted: 2018-12-17 07:43:16
md5: d77496b94070e3196d72888e0dbbcf6e
sha1: c75f9c08a88f46b780238b53c3d2e227524d93ee
sha256: a6c20be83a14d32d865afb1b50f41440bcadefc0d49c3c10fc4c67eb200aeb21
ssdeep: 6144:tyLINZU2X03Kbcc2hanaaIFbXa3koMFPffirkCPn8+IjL:uIg2XNbcc2cnaaWTa3R4f2n8+IP
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [54]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject1.bin bbde3d6a13021276aa62d3f93876aa41
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.8875: string.This program cannot be run in DOS mode
oleObject1.bin.69091: string.GetModuleHandleA
oleObject1.bin.69051: string.GetCommandLineA
oleObject1.bin.69169: string.KERNEL32
oleObject1.bin.dropped.file exe ca236a7fa586baab7be0cec3d86d5ebc / 70051 bytes / @ 8797
embedded.file vbaProject.bin d166950a50e55ccdd873a5be297602c4
vbaProject.bin.29398: suspicious.office Visual Basic macro
vbaProject.bin.19571: string.vbs impersonationLevel


Dropped Files

oleObject1.bin at zip
md5: bbde3d6a13021276aa62d3f93876aa41
sha1: 6ce8db5a0478de5513c64e593cd466a8b9af83f8
sha256: 35467aa857c9699781cc1e8fb6ba600c8621169df9d220e830639f3cd5feff1b

exe at 8797
md5: ca236a7fa586baab7be0cec3d86d5ebc
sha1: 62da5f2ac970cae6e83c2c59f8d8808c857fff6c
sha256: c9094b696635700955d9773f3d9a64573d52040641cb1eeacd639ea3de882ee6
imphash: 3e7a6889c1ff5e265de3447b5c724415

vbaProject.bin at zip
md5: d166950a50e55ccdd873a5be297602c4
sha1: 1b0f7812fd10004b55173fd2efbca6c85c38e854
sha256: 07ad9974d17e136f6cbc38a6e6480117b18778e7c4c4f741ad205706e8762e01