Malicious Office (OOXML) / .DOC — malware analysis report

Static analysis result for SHA-256 3046ec7af6142d2a…

MALICIOUS

Office (OOXML) / .DOC

Size: 2.72 MB
Created: 2022-07-01 13:33:00 UTC
Authoring application: Microsoft Office Word 16.0000
First seen: 2022-07-01
MD5: 7c643a355b758fd95dca7a8f97196406
SHA-1: 3514f451d022a132d9a3d5df91d2f1433f3f38be
SHA-256: 3046ec7af6142d2aa32b2c486cb8bbec6a48f7aa3d31da6321c7cf47dcee525b
Risk Score: 82

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is identified as a malicious downloader by ClamAV. The SE_ENABLE_LURE heuristic indicates that the document likely contains a prompt to enable macros, a common social engineering tactic to bypass security measures. The embedded URLs are confirmed benign and do not appear to be part of the malicious payload delivery. No scripts were extracted from this sample.

Heuristics 3

  • ClamAV: Doc.Downloader.af2f0393915c6ce8-OOXML-9981526-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.af2f0393915c6ce8-OOXML-9981526-0
  • Macro/content-enable lure medium SE_ENABLE_LURE
    Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.