MALICIOUS
82
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The OOXML_ALTCHUNK_OPAQUE heuristic indicates that the document attempts to import external content, likely to download a secondary payload. The presence of remote image beacons and external relationships pointing to the same domain further supports this. No scripts were extracted from this sample, but the external URLs suggest a downloader or exploit delivery mechanism.
Heuristics 4
-
altChunk imports unrecognised content high OOXML_ALTCHUNK_OPAQUEaltChunk relationship resolves to a packaged part whose content does not match a known chunk format. Treat with suspicion — altChunk is rarely used outside RTF/HTML smuggling.
-
Remote image (web beacon / tracking pixel) medium OOXML_IMAGE_BEACONDocument references an external image URL — loads automatically on open, revealing IP address and timestamp to the server (used for phishing tracking and NTLM hash theft on corporate networks)
-
External relationship medium OOXML_EXTERNAL_RELExternal target in word/_rels/document.xml.rels: https://www.doctricant.com/eur?id=eWUvLy91K0pVZ0krdjZ1TjJmUllUVUZoZDBubUkreTY1SCtnd3FoS2ZyV0JsZCtOL0hXK2hmQ2llTTJ4bWNGSG
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://www.doctricant.com/eur?id=eWUvLy91K0pVZ0krdjZ1TjJmUllUVUZoZDBubUkreTY1SCtnd3FoS2ZyV0JsZCtOL0hXK2hmQ2llTTJ4bWNGSG5MSDNpdGN4eDFQQmgyV3BZeXRvSDV3aGpLYXlTeHJBUHNwYWJJZ1c0NmFoeDJQVjkydnhmZUlOUGgyVHNRaEVrQ3VjSlNwQ1I5WlhkS3NBOC9nZ2w2REJGeUllNjVPTkJsWGR0bnU2WVlDU0g1bVpxSUFlSnE0dm9DV3h6TklUQ2tISVNNaW In document text (OOXML body / shared strings)
- https://www.doctricant.com/eur?id=eWUvLy91K0pVZ0krdjZ1TjJmUllUVUZoZDBubUkreTY1SCtnd3FoS2ZyV0JsZCtOL0hXK2hmQ2llTTJ4bWNGSGOOXML external relationship
- https://www.doctricant.com/eur?id=eWUvLy91K0pVZ0krdjZ1TjJmUllUVUZoZDBubUkreTY1SCtnd3FoS2ZyV0JsZCtOL0hXK2hmQ2llTTJ4bWNGSG5MSDNpdGN4eDFQQmgyV3BZeXRvSDV3aGpLYXlTeHJBUHNwYWJJZ1c0NmFoeDJQVjkydnhmZUlOUGgyVHOOXML external relationship
- http://purl.org/dc/elements/1.1/In document text (OOXML body / shared strings)
- http://purl.org/dc/terms/In document text (OOXML body / shared strings)
- http://www.w3.org/2001/XMLSchema-instanceIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/package/2006/metadata/core-propertiesIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/package/2006/relationshipsIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocumentIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-propertiesIn document text (OOXML body / shared strings)
Open this report in the interactive analyzer, or submit your own file for analysis.