MALICIOUS
Risk Score: 100
Malware Insights
MITRE ATT&CK
T1059.003 Windows Command Shell
T1204.002 Malicious File
The sample contains an embedded PE executable, identified by the OLE_EMBEDDED_EXE heuristic. Additionally, the SE_CLIPBOARD_COMMAND_LURE heuristic indicates that the document explicitly instructs the user to copy and paste content into a command-line interface. This strongly suggests a social engineering tactic to trick the user into running the embedded executable, which is likely a downloader or initial access payload. No scripts were extracted, limiting further analysis of the embedded executable's behavior.
Heuristics 2
- Embedded PE executable (critical, OLE_EMBEDDED_EXE): MZ/PE header found inside document — possible embedded executable
- Clipboard command execution lure (high, SE_CLIPBOARD_COMMAND_LURE): Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| embedded_office_00006000.exe c3b3652162f70b05e02ba7f5544144e6b8e4ff2ff9b842968ec88c61d3eb7d89 | embedded-pe | Office MZ+PE at offset 0x6000 | 94208 bytes |