Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 420ea5ee530675b8…

MALICIOUS

Office (OLE)

Size: 21.0 KB
Created: 2000-01-26 07:08:00
Authoring application: Microsoft Word 8.0
MD5: 1db2478705e3e97b9852efed7eddc649
SHA-1: f655e10c8725962faf806df6084150ddf45fa8bb
SHA-256: 420ea5ee530675b8470d5265ef39cfa4409d7e08178ff6aa7c38072a16ebe687
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1559.001 Component Object Model Hijacking

The sample is an OLE document containing an embedded PE executable. The document body text appears to be legitimate business correspondence, suggesting the embedded executable is the primary malicious component. The embedded executable is likely intended to be extracted and run by the user, leading to further malicious activity.

Heuristics (1)

  • Embedded PE executable (critical): OLE_EMBEDDED_EXE
    MZ/PE header found inside document — possible embedded executable

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
embedded_office_00004000.exe (d5c7221ab402f353811829ecda52c8c891d3ffd7d4d14c2b1c3590679f8d370d) | embedded-pe | Office MZ+PE at offset 0x4000 | 5120 bytes