Malicious Office (OOXML) / .DOCX — malware analysis report

Static analysis result for SHA-256 58eacb69b52af10b…

MALICIOUS

Office (OOXML) / .DOCX

330 B
MD5: 3a0e8ed891f5ce4c67f346a798e9d285 SHA-1: bad36c7e7cf0cc81f50eeeb76a6d9e7e2009b416 SHA-256: 58eacb69b52af10bd468a3cb64118637558d2b9a463ac946598eb5e0266407d1
60 Risk Score

Malware Insights

MITRE ATT&CK
T1204 Malicious File

The OOXML_REMOTE_TEMPLATE heuristic fired, indicating the document is configured to load content from the URL https://ln24.ir/n2KJQK. This is a common technique for delivering secondary payloads or initiating phishing attacks. The presence of a standalone relationship file also suggests a potentially unusual or malicious structure.

Heuristics (2)

  • Remote template injection (severity: high, rule: OOXML_REMOTE_TEMPLATE)
    Standalone relationship XML references a remote template URL (https://ln24.ir/n2KJQK). This is the same attachedTemplate/template relationship shape used for remote-template injection in OOXML packages.
    URL https://ln24.ir/n2KJQK
  • Standalone OOXML relationship file (severity: medium, rule: OOXML_STANDALONE_RELS)
    File is raw OOXML relationship XML rather than a valid OOXML ZIP package. This malformed Office-extension payload still declares an external relationship and should be reviewed as relationship-based Office content.
    URL https://ln24.ir/n2KJQK
    • http://schemas.openxmlformats.org/package/2006/relationships
    • http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate