Cryptam // document analysis


Sample Details

original filename: file.docx

size: 178182 bytes
submitted: 2019-12-11 01:54:43
md5: a827d521181462a45a7077ae3c20c9b5
sha1: 2fabc99261db5dd17d088501e58612115e406eed
sha256: f3186dafca8b032f5b942d81b66d3ab631dc41463d3c8d319f1a0a374f809cdf
ssdeep: 3072:3suuovAqJP6rQYUeyD8OS2Ke7v13n/9m5y+I5sOn96ZU8wJo/uk6dtrjC:3suuolJcfU/DgSv1s57n7Ua/2d0
content/type: Microsoft Word 2007+
analysis time: 0.00 s
result: malware [174]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file oleObject2.bin 522e6b6c3e532b9645ebd2000254176f
oleObject2.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject2.bin.3875: string.This program cannot be run in DOS mode
oleObject2.bin.125971: string.GetCommandLineA
oleObject2.bin.125419: string.GetProcAddress
oleObject2.bin.125483: string.EnterCriticalSection
oleObject2.bin.124403: string.CloseHandle
oleObject2.bin.124551: string.KERNEL32
oleObject2.bin.94880: string.ExitProcess
oleObject2.bin.dropped.file exe 67b84d54397ec8785c1b33fd04c5fca8 / 132907 bytes / @ 3797
embedded.file oleObject1.bin abc1359062b25dc925a758625fe5822d
oleObject1.bin.1104: suspicious.office Packager ClassID used by CVE-2014-6352 C
oleObject1.bin.3875: string.This program cannot be run in DOS mode
oleObject1.bin.113343: string.GetModuleHandleA
oleObject1.bin.49205: string.GetCommandLineA
oleObject1.bin.112933: string.GetProcAddress
oleObject1.bin.48035: string.EnterCriticalSection
oleObject1.bin.112819: string.CloseHandle
oleObject1.bin.112769: string.CreateFileA
oleObject1.bin.114671: string.RegOpenKeyExA
oleObject1.bin.114111: string.KERNEL32
oleObject1.bin.112659: string.ExitProcess
oleObject1.bin.dropped.file exe ff9ba84dc884502a683967507f5991e2 / 144171 bytes / @ 3797


Dropped Files

oleObject2.bin at zip
md5: 522e6b6c3e532b9645ebd2000254176f
sha1: d04fb6f1700a14345941b41c2cdc017703cdcaa4
sha256: 590ba64c89e51e1599e20b0156cafde1ef187de5b25e77fae1fcc479e1447256

exe at 3797
md5: 67b84d54397ec8785c1b33fd04c5fca8
sha1: e43566ac92c8218cae18b7bdfeb9918602373776
sha256: 4f2dffe3c11aa73126957ce54bb9731918561fb43092c803b0ed6d311aaaa204
imphash: 8869c1e28bc9eed6bf1a1cf3802003ac

oleObject1.bin at zip
md5: abc1359062b25dc925a758625fe5822d
sha1: 896926584005f1c7d51fdb60aff160281b4a5b61
sha256: cf2fd4430f187f803bbfadb7c538cac245e7715f6506fa729b748c8bc47cf1be

exe at 3797
md5: ff9ba84dc884502a683967507f5991e2
sha1: 0a02f8d15b0c9016c64b9907a5c454dd81247237
sha256: 156192b571b63bb2ff282a080e7d78affaed8d50a2d99edb7169159ea2a09067
imphash: c2bf10252b465105cf8ee64d0b26c351