Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 228a49640587b87c…

MALICIOUS

Office (OOXML)

69.1 KB Created: 2017-05-22 22:37:00 UTC Authoring application: Microsoft Office Word 12.0000 First seen: 2021-05-26
MD5: c96dcff77e21b2ebde82402b1cb49577 SHA-1: 0b59b536f3802a5256850f5d04d1bc5e886c9d84 SHA-256: 228a49640587b87c8d269f2ad3691a5dfd0a33be880e5df8d096246993dee220
62 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as a phishing trojan by ClamAV. The document body contains obfuscated text that appears to be a lure, and embedded URLs, though benign, suggest an attempt to direct the user to external content. The overall structure and detection point towards a phishing attack delivered as a document attachment.

Heuristics 2

  • ClamAV: Doc.Phishing.Trojan-f0f00f1e320f0ff8-10045462-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Phishing.Trojan-f0f00f1e320f0ff8-10045462-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/markup-compatibility/2006 In document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/officeDocument/2006/relationshipsIn document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/officeDocument/2006/mathIn document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingIn document text (OOXML body / shared strings)
    • http://schemas.openxmlformats.org/wordprocessingml/2006/mainIn document text (OOXML body / shared strings)
    • http://schemas.microsoft.com/office/word/2006/wordmlIn document text (OOXML body / shared strings)

Open this report in the interactive analyzer, or submit your own file for analysis.