Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 51313ced4fce6284…

MALICIOUS

Office (OLE) / .DOC

230.7 KB
MD5: 33fc61d75012c21a3fa6bb6dbf7bf4be SHA-1: 6bc3734e475e847103c22efd75d7e1c36c86b0b6 SHA-256: 51313ced4fce6284b3a97275cf67f5d3ada6ef0034941787995a29632d5e6499
68 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is detected as a malicious dropper by ClamAV. Although the VBA project contains no executable statements, the presence of an embedded URL and the ClamAV detection strongly suggest a malicious intent, likely to download and execute a second-stage payload. The document body is obfuscated and does not provide further clues.

Heuristics 3

  • ClamAV: Doc.Dropper.EmotetGrey1220-9816015-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.EmotetGrey1220-9816015-0
  • VBA project contains no executable statements low OLE_VBA_MACROS
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main

Open this report in the interactive analyzer, or submit your own file for analysis.