Malicious RTF / .DOC — malware analysis report

Static analysis result for SHA-256 43658a53d9d34595…

Verdict: MALICIOUS
File type: RTF / .DOC
Size: 77.4 KB
MD5: 2c95d2da39354ef204c61ade459be4c6
SHA-1: 5df0d60413e896c8dec18c6774de2bbc1f6d4966
SHA-256: 43658a53d9d34595e4717fbbe75bc040f23ea5a7b77e48fc323737dc5ed4e2f3
Risk score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is an RTF document containing OLE object data, triggering heuristics for embedded OLE objects and OLE activation. This suggests an attempt to exploit vulnerabilities related to OLE object handling, likely for arbitrary code execution. No document body or script content was available for further analysis, limiting the ability to identify a specific malware family or detailed attack vector.

Heuristics (2)

  • \objupdate forces OLE activation [severity: high] (RTF_OBJUPDATE)
    RTF contains \objupdate, which forces automatic OLE object instantiation when the document is opened, bypassing user interaction. Almost exclusively seen in Equation Editor exploit documents.
  • OLE object data [severity: medium] (RTF_OBJDATA)
    RTF contains 1 \objdata section(s), i.e. embedded OLE objects.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: objdata_00_off00001d8a.bin
SHA-256:  84dddb2b7dca62bea4ef3bb174523803ed88b6fc9b3ec7f672326e4ca86c7b91
Kind:     rtf-objdata-decoded
Source:   RTF \objdata at offset 0x1D8A
Size:     4169 bytes