Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 50e282028a34746d…

MALICIOUS

Office (OLE)

Size: 37.0 KB
Created: 2007-04-08 03:34:00
Authoring application: Microsoft Word 9.0
First seen: 2015-09-20
MD5: 0a331e1e60ff38b1f25c101f9965a4c0
SHA-1: 70e30f1b28ab773cb94773bf314612ebeea01776
SHA-256: 50e282028a34746ddad5adde9d3d356a2d284d56d1c0446a17729fade4af2199
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as a dropper by ClamAV, indicating its primary function is to deliver other malware. The document body contains embedded hyperlinks and images, which are common lures for phishing or malware download attempts. The presence of these elements suggests the document is designed to trick the user into interacting with malicious content hosted at the provided URLs.

Heuristics 2

  • ClamAV: Doc.Dropper.Agent-6958243-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-6958243-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.hrmatters21.net/ In document text (OLE body)
    • http://us.a2.yahoofs.com/groups/g_3256349/.HomePage/__sr_/439e.jpg?grK4qLEBVO5P7DLN In document text (OLE body)