MALICIOUS
182
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
The RTF file contains numerous high-severity heuristic firings related to Windows API calls such as WinExec, CreateProcess, VirtualAlloc, LoadLibrary, and GetProcAddress. These indicate the file is designed to execute arbitrary code, likely downloading and running a secondary payload. The presence of an embedded URL, though marked as benign, suggests a potential communication channel. The document body is heavily obfuscated and unreadable, providing no further context on the specific lure.
Heuristics 6
-
Reference to WinExec API high SC_STR_WINEXECReference to WinExec API
-
Reference to CreateProcess API high SC_STR_CREATEPROCESSReference to CreateProcess API
-
Reference to LoadLibrary API high SC_STR_LOADLIBRARYReference to LoadLibrary API
-
Reference to GetProcAddress API high SC_STR_GETPROCADDRESSReference to GetProcAddress API
-
Reference to VirtualAlloc API medium SC_STR_VIRTUALALLOCReference to VirtualAlloc API
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In RTF body
Open this report in the interactive analyzer, or submit your own file for analysis.