Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 56a2c110fa83576c…

MALICIOUS

Office (OLE) / .DOC

157.6 KB First seen: 2023-02-01
MD5: 451a57f49ed13dda73acc3bc7df2c522 SHA-1: ad28696fa36d519e61dbeecf11dca42d7488e8c1 SHA-256: 56a2c110fa83576c17bef10665c7f68cc5f5b3504d952dd5d50703345b2b5f7a
62 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was detected by ClamAV as 'Onenote.Downloader.Agent-9986032-1', indicating a known downloader. The document body contains text that appears to be a fake business communication, requesting confirmation of an order and a quotation, which is a common social engineering lure. No VBA macros were extractable due to an unsupported format, but the ClamAV detection and document content strongly suggest a malicious downloader.

Heuristics 2

  • ClamAV: Onenote.Downloader.Agent-9986032-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Onenote.Downloader.Agent-9986032-1
  • Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED
    olevba could not extract VBA macros (FileOpenError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.