Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 34a6889a617b2d0e…

MALICIOUS

Office (OLE) / .DOC

17.5 KB
MD5: 3d78ff0bea3abbf150760bbdcefa2e57
SHA-1: b3372367344edf46276aa2aa0d3b994c92d0579c
SHA-256: 34a6889a617b2d0e99817a881652446bd2110a78001657f7c51b1d6ad9ec573f
100 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File

The sample is a malicious DOC file containing VBA macros. High-severity heuristics indicate the presence of CreateObject and GetObject calls, commonly used by malicious macros to download and execute payloads. No document body text or scripts were extracted, but the heuristic firings strongly suggest a macro-based downloader attack pattern. The absence of specific IOCs means the exact payload and delivery mechanism cannot be determined from this analysis alone.

Heuristics 3

  • CreateObject call (severity: high, rule: OLE_VBA_CREATEOBJ)
    CreateObject call
  • GetObject call (severity: high, rule: OLE_VBA_GETOBJ)
    GetObject call
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          4d9e355743b88daa1e79430d91685ad5a1647cf5dbafb1b0a80053db48a695b4
Kind:     vba-macro
Source:   oletools.olevba.extract_macros (decoded VBA source)
Size:     3718 bytes