Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 3ea5351ff11450c2…

MALICIOUS

Office (OLE)

850.1 KB Created: 2008-06-02 06:37:00 Authoring application: Microsoft Office Word First seen: 2020-12-25
MD5: cabcd6bb365b34e5df3f4d3598b8b5b4 SHA-1: 44c71c75323b36820559b3193ea9bd1825037788 SHA-256: 3ea5351ff11450c237074bcc99b39c12bef89a4670a3e43970f96e2e753fc558
62 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as a malicious dropper by ClamAV. The document body contains what appears to be a log of donations or payments, a common social engineering tactic. The embedded URL is likely used to download a secondary payload.

Heuristics 2

  • ClamAV: Doc.Dropper.Agent-6499142-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-6499142-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://cuixiao.w2.dh52.com/1.htm In document text (OLE body)

Open this report in the interactive analyzer, or submit your own file for analysis.