Malicious Office (OLE) / .000 — malware analysis report

Static analysis result for SHA-256 634c7f1f5682af46…

MALICIOUS

Office (OLE) / .000

107.1 KB
Created: 2001-02-02 13:39:35
Authoring application: Microsoft Excel
MD5: 328e54638837714f7eba10e21e8a383c
SHA-1: 86fbcc058b170e7c9ad2d479ecb322a4c8b10949
SHA-256: 634c7f1f5682af46310c42c8e17442056dedab88985aa72e010e218c595d21a0
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The sample is an Office document containing an embedded Portable Executable (PE) file. This strongly suggests a spearphishing attachment attack where the user is tricked into opening the document and then extracting or running the embedded executable. The embedded executable is the primary indicator of malicious intent, likely serving as a second-stage payload.

Heuristics 1

  • Embedded PE executable | critical | OLE_EMBEDDED_EXE
    MZ/PE header found inside document; possible embedded executable

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
embedded_office_00012600.exe (68f58f10e8d91ac71370f4184b679957087a41b0f8e5e690c90b7f306e4d87a5) | embedded-pe | Office MZ+PE at offset 0x12600 | 34369 bytes