Cryptam // document analysis


Sample Details

original filename: e1cdc8de98e8441b606cbb8d3cace1ba2499eb39ef1abf193222aff8d4827bf5_nc.doc

size: 855552 bytes
submitted: 2018-10-29 18:36:09
md5: 66ce866301ccffc80d456640a5779a98
sha1: b871c2a752798d3c45c41e203493c24960046ffc
sha256: e1cdc8de98e8441b606cbb8d3cace1ba2499eb39ef1abf193222aff8d4827bf5
ssdeep: 12288:/vcYkpsViZBfqSK5sskADZBmSlAl9LtdZA6P70cCF03PHtCP:/vcYknjfVAsskADBlAlN/ZfP7ESVCP
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 2.37 s
result: malware [70]
embedded executable: found

signature hits:

75342: string.This program cannot be run in DOS mode
287370: string.GetCommandLineA
286192: string.GetProcAddress
286438: string.EnterCriticalSection
286224: string.CloseHandle
286660: string.KERNEL32
237847: string.ExitProcess
dropped.file exe d2677222586e48fd44faf921ae407c5d / 236032 bytes / @ 75264
dropped.file exe 65b5de8ded20b50851fb1e5334566850 / 317066 bytes / @ 311296
dropped.file vbs 1bd8b0eee7732357da7ccb6e46bfa5ca / 227190 bytes / @ 628362


Dropped Files

exe at 75264
md5: d2677222586e48fd44faf921ae407c5d
sha1: 8ddb13ff1295d93aee65cfa73dbffa186bb34247
sha256: ce6afea9c3aacc227eb3b347bb465622e9740d6797afa01dfddedf52b8db2543

exe at 311296
md5: 65b5de8ded20b50851fb1e5334566850
sha1: 3fbfb2f8d02cb73e4d0b8232c8793b3bda88f57c
sha256: 63e4ddde02fa5d469701cd17110091d45a7c3515b49eecef2d9627a963b6bfc0

vbs at 628362
md5: 1bd8b0eee7732357da7ccb6e46bfa5ca
sha1: f8088e99c1f425856635263999c69ae38ac8e569
sha256: 1207b95a1d3bcae97504a330a50e8dde6bd590d35e250c877846d6df6be18b44