Cryptam // document analysis


Sample Details

original filename: eac_pv.xlam

size: 1430013 bytes
submitted: 2019-11-13 07:18:35
md5: 11a43079a6a8f4656c89cf9ad570751e
sha1: a3d42078a95ca4a130631044772df8c042c397f2
sha256: f62e7fb7c7c6dcb103556111e75a82248f967048ee080c556a813871ef28181b
ssdeep: 24576:SHflg5z4bVO/W8+QIgFg/SS1Kt+DXkOg7ykKNW9iokwxwDBQAv+:StghT+QLFWS4Kt+DXXwIWi0wWj
content/type: Microsoft Excel 2007+
analysis time: 0.00 s
result: malware [42]
embedded file objects: yes
embedded executable: found

signature hits:

embedded.file vbaProject.bin 4cd3c98c588b8670c4edd822cf524119
vbaProject.bin.667304: exploit.office embedded Visual Basic write to file Scripting.FileSystemObject
vbaProject.bin.1654230: suspicious.office Visual Basic macro
vbaProject.bin.53611: string.shell32.dll
vbaProject.bin.1883797: string.vbs On Error Resume Next


Dropped Files

vbaProject.bin at zip
md5: 4cd3c98c588b8670c4edd822cf524119
sha1: c751e9b70925591046174b7ec43911c144ed3533
sha256: 22976555e6584c2ee21813e833604d02efbad2800fe08ecf1d2b0a2452bd504e