MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
The sample is a malicious Office document that embeds a batch file disguised as a PDF. The embedded batch file, named 'Preventive Measures.PDF.bat', is designed to be executed automatically, likely leading to arbitrary command execution on the victim's system. The document body is minimal, providing no further context on the lure.
Heuristics 2
-
Ole10Native package drops an auto-executable payload critical OFFICE_PACKAGE_RISKY_FILEOLE Package displayName or fullPath ends in a directly auto-executable extension (a runnable binary or a script the default shell host runs on double-click). Embedding such a payload inside an Office document has no benign authoring use — it is a malware-delivery dropper.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
ole10native_00.bin |
ole-package | OLE Ole10Native stream: ObjectPool/_1662293114/Ole10Native | 18488 bytes |
SHA-256: ca0d41e8c36c7da2d8298a77e04e32e7ec2fc929ba3cd8fc9f9dee26ad7834f6 |
|||
ole10native_01.bin |
ole-package | OLE Ole10Native stream: ObjectPool/_1662293115/Ole10Native | 18482 bytes |
SHA-256: d811c80afecbe41c43d7bdb92e07ed9bf50d076f0fec52813edc3abb02732916 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.