MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The document's body text clearly indicates an advance-fee scam, impersonating a solicitor to claim a large inheritance. The presence of an embedded OLE object suggests the potential for further malicious activity, such as dropping additional payloads or executing embedded scripts. No scripts were extracted from this sample, limiting the analysis of the exact execution chain.
Heuristics 3
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Embedded OLE object medium OOXML_OLE_OBJECTDocument contains an embedded OLE object
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/markup-compatibility/2006
- http://schemas.openxmlformats.org/officeDocument/2006/relationships
- http://schemas.openxmlformats.org/officeDocument/2006/math
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing
- http://schemas.openxmlformats.org/wordprocessingml/2006/main
- http://schemas.microsoft.com/office/word/2006/wordml
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
ooxml_oleobject_00.binef8865c51136af8edd0b6c026c676120041966ddef59abdbffe5f62fab8634bb |
ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject1.bin | 363008 bytes |
emf_00.emf178c411b16ec3cd6c280c2c883841a531a957f19ed56a58682f277cafe9d61c5 |
ooxml-emf | OOXML EMF part: word/media/image1.emf | 245276 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.