Cryptam // document analysis


Sample Details

original filename: USPS_Delivery_NY03653391.doc

size: 37560 bytes
submitted: 2019-11-21 19:11:06
md5: 18ebc55182dfaa1fe5588af38bfc288b
sha1: c258d774762fc92cb0532ccd5d535d46dd569059
sha256: dc833d59d0c43bc1bef3edc11ea9073968bf66b6cbff839dddcd46ca24f4c810
ssdeep: 768:6M6HwR6obtHKCk1Y5RM835oyEslShXomeiP+w0LgqNZeRC6I3ucD:B6Axsh1+s2eXomP+w0IRC6u5
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [14]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file activeX1.xml 79d00a5fe8eb0067824b56cdb4e1de8f
activeX1.xml.56: suspicious.office activeX
embedded.file vbaProject.bin c5a72f144802d1f94d064d933eaea2aa
vbaProject.bin.13662: suspicious.office Visual Basic macro
vbaProject.bin.5399: string.URLDownloadToFileA


Dropped Files

activeX1.xml at zip
md5: 79d00a5fe8eb0067824b56cdb4e1de8f
sha1: 6f63a8f2f5b5888dd625c7631b570cdfce438328
sha256: ee3176455691510f38ba3811e7607826e0166d794c448206b78930b22e191177

vbaProject.bin at zip
md5: c5a72f144802d1f94d064d933eaea2aa
sha1: 18be81639e83ba82992166531e90cc613dc2959a
sha256: badaaa6f3e29f51df52023adfbf685db7e5a97e44c8984a37b244f8a4396241f