Cryptam // document analysis


Sample Details

original filename: d428aa23d7262d55dda2f2714c21dcdbae0a827054e22ee0a2ccaf478f9b012c_R1-1812339_Draft_Agenda_RAN1_95_v004.doc

size: 259584 bytes
submitted: 2018-12-01 10:55:19
md5: 9b1412ea5337a9059e5306022ae72e5e
sha1: 6492844e36027f57e8d34a06f7746b0096d93352
sha256: d428aa23d7262d55dda2f2714c21dcdbae0a827054e22ee0a2ccaf478f9b012c
ssdeep: 3072:Kvi3a+JgzPPBK2k+kwcI5FwUHMc6l3lJQpIajIH3zL:K6qXnBK2kZlIgUV6lf/zL
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.93 s
result: malware [34]
embedded executable: found

signature hits:

245035: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
233242: suspicious.office Visual Basic macro
42589: Moniker exploit MSHTML CVE-2018-8174
205797: string.user32.dll

