Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 1423dcdfcac539f7…

MALICIOUS

Office (OLE) / .DOC

Size: 128.0 KB
Created: 2012-09-21 09:56:09
Authoring application: Windows Installer
MD5: 18b5fd34e75ceefa19e867b84c13e6cb
SHA-1: 6b4c3c34bd8d9546f0be67ba87a94766a7c14e45
SHA-256: 1423dcdfcac539f7e85020b616580c8804b8e655d0867780cc3d1506bca0c101
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample contains an embedded executable file, identified as a critical finding. Furthermore, a high-severity heuristic indicates the document attempts to lure the user into executing commands via the clipboard. This suggests a malicious document designed to deliver a secondary payload, likely the embedded executable, through social engineering.

Heuristics 2

  • Embedded PE executable (severity: critical, rule: OLE_EMBEDDED_EXE)
    MZ/PE header found inside document — possible embedded executable
  • Clipboard command execution lure (severity: high, rule: SE_CLIPBOARD_COMMAND_LURE)
    Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: embedded_office_00006000.exe
          188bed17ff1b2e0ed285d4ee4668812bb4e4dc69226e62e506985dda94c90a5f
Kind: embedded-pe
Source: Office MZ+PE at offset 0x6000
Size: 106496 bytes