Verdict: MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The sample is an Office document containing an embedded PE executable, indicating a likely attempt to deliver a second-stage payload. The presence of the embedded executable and the 'VirtualAlloc' API reference suggest the document is designed to drop and execute malware. While no scripts were directly extracted, the embedded executable is the primary indicator of malicious intent.
Heuristics (2)
- Embedded PE executable (severity: critical, rule: OLE_EMBEDDED_EXE): MZ/PE header found inside document — possible embedded executable
- Reference to VirtualAlloc API (severity: medium, rule: SC_STR_VIRTUALALLOC): Reference to VirtualAlloc API
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| embedded_office_00003219.exe | embedded-pe | Office MZ+PE at offset 0x3219 | 269799 bytes | 1b56201f35c7d161019188906b40258422ad2051ceef53a9eb65b24d7fbe035f |
| ole10native_00.bin | ole-package | OLE Ole10Native stream: MBD005CEEB8/Ole10Native | 152905 bytes | b82e33e5348d80a77c4fe40bb534a80d1bce00367754818359343bb7622076e6 |