Cryptam // document analysis


Sample Details

original filename: c98855eeeb4096b11839d9a90a6d1cde97df3cb43821eaeab6059ae639dc039b_word_sample_20180903065545.doc

size: 32256 bytes
submitted: 2018-09-06 06:17:55
md5: 6bf657327827fd34fd2214a0cbb73c3c
sha1: 24f72a444bfbb24b0903550c5d6e90b2ef510a77
sha256: c98855eeeb4096b11839d9a90a6d1cde97df3cb43821eaeab6059ae639dc039b
ssdeep: 192:PdxlgZEvA846/6rrILd/Kf3HO8tnun7khEfEy0ja6RotcTGEPxSsdEX0CrZqda:N8iSUR/8dnEkhBy0ja2ottEL4no
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.48 s
result: malware [72]
embedded executable: found

signature hits:

28693: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
28904: exploit.office embedded Visual Basic execute shell command Wscript.Shell
23766: suspicious.office Visual Basic macro
10666: exploit.office VB Macro auto execute
28882: string.vbs WScript


Strings

raw strings
decrypted raw strings