Cryptam // document analysis


Sample Details

original filename: f50c913de3d4ae230da0c7f9bba726d8f34050a1b21df55068d8f9b3cee96f25_net0005801.doc

size: 34816 bytes
submitted: 2019-03-21 09:18:38
md5: 771cf142f978edd5b3589b9cc9c3f693
sha1: 889980666a881e30af28a12fafcbe12ae33d4698
sha256: f50c913de3d4ae230da0c7f9bba726d8f34050a1b21df55068d8f9b3cee96f25
ssdeep: 384:NiSwR51VBPWmc2j7JY060j4joH6tNt6ms:cR5bdW+GnGy
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 0.57 s
result: malware [32]
embedded executable: found

signature hits:

23867: exploit.office embedded Visual Basic execute shell command Wscript.Shell
27870: suspicious.office Visual Basic macro
21591: string.URLDownloadToFileA


Strings

raw strings
decrypted raw strings