Malicious Office (OOXML) / .DOC — malware analysis report

Static analysis result for SHA-256 485bc6844a29d1b8…

MALICIOUS

Office (OOXML) / .DOC

Size: 22.6 KB
First seen: 2023-06-05
MD5: de4798e96e910003cbc4053b67936657
SHA-1: b50d719637c9a5f7b9c6c4f0d214984ffc46bbb7
SHA-256: 485bc6844a29d1b8e1ee90c33ca6731182a48cf410be075e73a1b62da9c9a429
Risk score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The document body is an advance-fee scam lure: it impersonates Google, tells the recipient they have won a large prize, and directs them to email personal details to a specified address in order to claim it. The document also carries three embedded OLE objects (see Extracted artifacts). This analysis does not identify what those objects contain, so their purpose, including whether they deliver a secondary payload, is unconfirmed; the carved parts are the next thing to inspect before drawing that conclusion.

Heuristics (2)

  • Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LURE
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded OLE object medium OOXML_OLE_OBJECT
    Document contains embedded OLE objects (three parts carved from word/embeddings/; see Extracted artifacts). Their contents are not classified by this heuristic.

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: ooxml_oleobject_00.bin
  Kind:    ooxml-ole-object
  Source:  OOXML embedded OLE part: word/embeddings/oleObject0.bin
  Size:    8192 bytes
  SHA-256: fc6b8178b08375fc08218f4163369efbdb70b1c8b092b56e3e963a291f38fdda

Filename: ooxml_oleobject_01.bin
  Kind:    ooxml-ole-object
  Source:  OOXML embedded OLE part: word/embeddings/oleObject2.bin
  Size:    16384 bytes
  SHA-256: 957e5bec704e750d62f0f7f654392540b1d5ad382136c93592768be4f8a135bc

Filename: ooxml_oleobject_02.bin
  Kind:    ooxml-ole-object
  Source:  OOXML embedded OLE part: word/embeddings/oleObject1.bin
  Size:    5120 bytes
  SHA-256: 5dfb8fcb0840fb6985f2ccfe5d0da5123bc9e5194f98452f1421531c1f7bb922
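The following is an added example and is not part of this report or of the engine that produced it. It is a stdlib-only Python triage script that reproduces the two heuristics listed above (the advance-fee lure rule and the embedded-OLE rule) and the carving of word/embeddings/*.bin parts with SHA-256 and size as shown in Extracted artifacts. It runs against a constructed stand-in .docx built in memory, not the real sample. The keyword groups, the severity labels, and the raw-byte check for an Ole10Native (packager) stream are assumptions about how such rules might be written, not the report's own logic.

```python
"""Triage an OOXML (.docx) the way the report above does: pull the document
text, apply an advance-fee lure heuristic, and carve every embedded OLE part.
Constructed sample input only (assumed shape); stdlib only."""
import hashlib
import io
import re
import zipfile
from xml.etree import ElementTree as ET

W_NS = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE compound-file header
# Directory-entry name of a packager-embedded file inside a CFB (UTF-16LE).
OLE10NATIVE = "\x01Ole10Native".encode("utf-16-le")

# Assumed word groups for the SE_ADVANCE_FEE_SCAM_LURE shape; the rule fires
# only when prize, funds and courier language all co-occur in one document.
LURE_GROUPS = {
    "prize":   r"\b(lottery|winner|winning|prize|beneficiary|award)\b",
    "funds":   r"\b(bank draft|draft|funds?|million|usd|transfer)\b",
    "courier": r"\b(courier|parcel|dhl|fedex|ups|delivery)\b",
}


def extract_text(docx_bytes: bytes) -> str:
    """Concatenate the <w:t> runs of word/document.xml."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        root = ET.fromstring(zf.read("word/document.xml"))
    return " ".join(t.text or "" for t in root.iter(W_NS + "t"))


def advance_fee_lure(text: str) -> dict:
    """Return the matched terms per group; fires only if every group hit."""
    hits = {g: sorted({m.lower() for m in re.findall(p, text, re.I)})
            for g, p in LURE_GROUPS.items()}
    return {"fires": all(hits.values()), "hits": hits}


def carve_ole_parts(docx_bytes: bytes) -> list:
    """Carve word/embeddings/*.bin parts, like the Extracted artifacts table."""
    parts = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in sorted(zf.namelist()):
            if name.startswith("word/embeddings/") and name.endswith(".bin"):
                data = zf.read(name)
                parts.append({
                    "source": name,
                    "size": len(data),
                    "sha256": hashlib.sha256(data).hexdigest(),
                    "is_ole_cfb": data.startswith(OLE_MAGIC),
                    # Quick raw scan; a real parse would walk the CFB directory.
                    "packager_stream": OLE10NATIVE in data,
                })
    return parts


def triage(docx_bytes: bytes) -> dict:
    """Run both heuristics and return the report-style summary."""
    lure = advance_fee_lure(extract_text(docx_bytes))
    parts = carve_ole_parts(docx_bytes)
    heuristics = []
    if lure["fires"]:
        heuristics.append(("SE_ADVANCE_FEE_SCAM_LURE", "high"))
    if parts:
        heuristics.append(("OOXML_OLE_OBJECT", "medium"))
    return {"heuristics": heuristics, "lure": lure, "artifacts": parts}


def build_sample_docx() -> bytes:
    """Constructed stand-in for the sample: a minimal .docx with a scam body
    and two fake OLE parts (a bare CFB header, and one carrying an Ole10Native
    name). This is NOT the real document analysed above."""
    body = ("Congratulations, you are the lucky winner of the Google anniversary "
            "lottery. A bank draft of 1,500,000 USD has been issued in your name; "
            "contact our courier agent for parcel delivery.")
    doc = (f'<w:document xmlns:w="{W_NS[1:-1]}"><w:body><w:p><w:r>'
           f"<w:t>{body}</w:t></w:r></w:p></w:body></w:document>")
    ole_a = OLE_MAGIC + b"\x00" * 504                              # 512 bytes
    ole_b = OLE_MAGIC + b"\x00" * 120 + OLE10NATIVE + b"\x00" * 8  # 160 bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", doc)
        zf.writestr("word/embeddings/oleObject0.bin", ole_a)
        zf.writestr("word/embeddings/oleObject1.bin", ole_b)
    return buf.getvalue()


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_docx()), indent=2))
```

The packager check is deliberately a raw byte scan so the script stays dependency-free; on a real carved part the next step is to parse the compound file properly (the olefile library is the usual tool) and pull the Ole10Native stream, since that is where a packager-embedded executable or script would sit. The lure rule requires all three word groups, which keeps an ordinary "prize delivery" newsletter from firing on a single group.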