Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 3f8b40294fea7309…

Verdict: MALICIOUS
File type: Office (OLE)
Size: 38.5 KB
First seen: 2019-05-31
MD5: 3aa14d9db0c92c24512a6d5422515c97
SHA-1: 25f3d29d173926d1eaf4af845ae71a0bd3726049
SHA-256: 3f8b40294fea73098f6b010703f4ff95cd21c2163b9d4d7cbda4635ffb0ed4ff
Risk score: 80

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a password-encrypted Office document; encrypting the document is a common technique for evading static analysis and detection. The ClamAV signature 'Doc.Dropper.Agent-7418749-0' strongly suggests this file functions as a dropper, intended to download and execute a secondary malicious payload. The encryption itself is a tactic to hide the malicious content from initial inspection.

Heuristics (2)

  • ClamAV: Doc.Dropper.Agent-6970417-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Dropper.Agent-6970417-0
  • Office document is password-encrypted [medium] (OFFICE_ENCRYPTED_PACKAGE)
    The OLE container holds an MS-OFFCRYPTO encrypted package (Standard Encryption: Office 2007, AES).