Cryptam // document analysis


Sample Details

original filename: bab66dc3591310fca8e61e74bc8fc9bf547eff945c5f6b78b821e750b40a0955_190215090512886464.xls

size: 87552 bytes
submitted: 2019-05-25 06:03:14
md5: 3442810627de4be4facbe7a1c42e0999
sha1: 70870b898788c94a549cfbe4b04d04da758188a3
sha256: bab66dc3591310fca8e61e74bc8fc9bf547eff945c5f6b78b821e750b40a0955
ssdeep: 1536:9f1/D7K1qi0beK5QAa9e+C1gxv7yZmspH7+cclKiEZClsQ6NqTBun5oHm30iyQZK:9gC1gxv7yZmspH7+cclKisQ6NqTBun5q
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.79 s
result: malware [72]
embedded executable: found

signature hits:

41355: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
41939: exploit.office embedded Visual Basic execute shell command Wscript.Shell
48432: exploit.office embedded Visual Basic accessing file OpenTextFile
77522: suspicious.office Visual Basic macro
38645: string.vbs On Error Resume Next
dropped.file vbs d66b163523f72ade81dc12bcc3b6150a / 20510 bytes / @ 45045
dropped.file vbs 10affb80e62792aeed3d8901a7bc0704 / 21997 bytes / @ 65555


Dropped Files

vbs at 45045
md5: d66b163523f72ade81dc12bcc3b6150a
sha1: 86e3e76307ac57c5201ac6415aa3479f11e4a7a9
sha256: ee31a6dfac88fbf716a007315e60cc1db4ceffe3e3031b89006c824c21213f05

vbs at 65555
md5: 10affb80e62792aeed3d8901a7bc0704
sha1: cfeff9bf81f4d13c17c2c534fde8d3f9efd1d93a
sha256: 767b2a1f5a1398f7427aa4413a5eb00d7d145b3b8e5b09585e0da6f2231d7a23