MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
T1566.001 Spearphishing Attachment
The sample contains a malicious DDE command that attempts to execute cmd.exe with the argument to launch calc.exe. This indicates an attempt to exploit the DDE feature for arbitrary command execution. While the command is benign, the technique is malicious and commonly used to download and execute more harmful payloads.
Heuristics 2
-
Malicious DDE command critical OOXML_DDE_MALICIOUSDDE field in word/document.xml launches a dangerous executable: \\system32\\cmd.exe
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/markup-compatibility/2006 In document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/officeDocument/2006/relationshipsIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/officeDocument/2006/mathIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/wordprocessingml/2006/mainIn document text (OOXML body / shared strings)
- http://schemas.microsoft.com/office/word/2006/wordmlIn document text (OOXML body / shared strings)
Open this report in the interactive analyzer, or submit your own file for analysis.