Malicious Office (OOXML) / .DOC — malware analysis report

Static analysis result for SHA-256 6a6e33262d33527d…

MALICIOUS

Office (OOXML) / .DOC

Size: 3.82 MB
Created: 2024-01-17 09:31:00 UTC
Authoring application: Microsoft Office Word 16.0000
First seen: 2024-10-07

MD5: 9269a68dc5ad7dc5eae4bcf17ad796f8
SHA-1: 5cb2ff737948d869e9b2b5d20b85e4d401bf94a5
SHA-256: 6a6e33262d33527dbd02e4476ffa64054c503ef9c4478aa758df4ed98252dd3b

Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1027 Obfuscated Files or Information

The OOXML document contains an embedded OLE object, a common method for delivering a secondary payload. The object is an Ole10Native (Package) stream, carved below as ooxml_oleobject_00_ole10native_00.bin, and its contents decide whether this document does anything when opened. A run of 20 or more 0x90 bytes was also flagged as a possible NOP sled; on its own this is a weak signal, since long 0x90 runs also occur as padding in benign binary data, and it should be confirmed by examining the bytes that follow the run. No script or external URL was recovered: the extracted URLs are OOXML schema namespaces plus two http://localhost/DVWA/ links, so the embedded package is the indicator that points to execution of a secondary payload.

Heuristics (3)

  • NOP sled detected (severity: high, rule SC_NOP_SLED)
    Found 20+ consecutive 0x90 bytes
  • Embedded OLE object (severity: medium, rule OOXML_OLE_OBJECT)
    Document contains an embedded OLE object
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The schemas.microsoft.com and schemas.openxmlformats.org entries below are XML namespace identifiers declared in the document parts, not links the document follows; the only navigable URLs recovered are the two http://localhost/DVWA/ links.
    • http://localhost/DVWA/vulnerabilities/brute/?username=FUZZ&password=FUZ2Z&Login=Login
    • http://localhost/DVWA/vulnerabilities/brute/index.php
    • http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas
    • http://schemas.microsoft.com/office/drawing/2014/chartex
    • http://schemas.microsoft.com/office/drawing/2015/9/8/chartex
    • http://schemas.microsoft.com/office/drawing/2015/10/21/chartex
    • http://schemas.microsoft.com/office/drawing/2016/5/9/chartex
    • http://schemas.microsoft.com/office/drawing/2016/5/10/chartex
    • http://schemas.microsoft.com/office/drawing/2016/5/11/chartex
    • http://schemas.microsoft.com/office/drawing/2016/5/12/chartex
    • http://schemas.microsoft.com/office/drawing/2016/5/13/chartex
    • http://schemas.microsoft.com/office/drawing/2016/5/14/chartex
    • http://schemas.openxmlformats.org/markup-compatibility/2006
    • http://schemas.microsoft.com/office/drawing/2016/ink
    • http://schemas.microsoft.com/office/drawing/2017/model3d
    • http://schemas.openxmlformats.org/officeDocument/2006/relationships
    • http://schemas.openxmlformats.org/officeDocument/2006/math
    • http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing
    • http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing
    • http://schemas.openxmlformats.org/wordprocessingml/2006/main
    • http://schemas.microsoft.com/office/word/2010/wordml
    • http://schemas.microsoft.com/office/word/2012/wordml
    • http://schemas.microsoft.com/office/word/2018/wordml/cex
    • http://schemas.microsoft.com/office/word/2016/wordml/cid
    • http://schemas.microsoft.com/office/word/2018/wordml
    • http://schemas.microsoft.com/office/word/2020/wordml/sdtdatahash
    • http://schemas.microsoft.com/office/word/2015/wordml/symex
    • http://schemas.microsoft.com/office/word/2010/wordprocessingGroup
    • http://schemas.microsoft.com/office/word/2010/wordprocessingInk
    • http://schemas.microsoft.com/office/word/2006/wordml
    • http://schemas.microsoft.com/office/word/2010/wordprocessingShape

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: ooxml_oleobject_00.bin
SHA-256: 48e95aff513654c876bf9d7f4a49335aabe01f7c9f9fa2bcb8e83eb4236b6afc
Kind: ooxml-ole-object
Source: OOXML embedded OLE part: word/embeddings/oleObject1.bin
Size: 5120 bytes

Filename: ooxml_oleobject_00_ole10native_00.bin
SHA-256: 826900a397d274807a349623f60124e20807b284ddbfb6236fd089360e9b71fb
Kind: ole-package
Source: Ole10Native stream of word/embeddings/oleObject1.bin
Size: 2595 bytes

Filename: emf_00.emf
SHA-256: efd53747a817ea8e906601162a62ee66850d5cf64027c1d5037ad4f978606511
Kind: ooxml-emf
Source: OOXML EMF part: word/media/image25.emf
Size: 7864 bytes
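As an added example (not part of this report or of the tool that produced it), the following Python script reproduces the two checks behind the heuristics above and the carving step that yields the ole-package artifact: it enumerates word/embeddings/ parts in an OOXML zip, parses the Ole10Native (Package) layout to recover the stored filename, temp path and payload, and scans the payload for runs of 0x90. It assumes the standard library only and skips the OLE2 compound-file layer (a real oleObject1.bin is a CFB container whose \x01Ole10Native stream you would pull out with olefile), so its sample document embeds the raw stream directly; every sample byte is constructed for the example and none comes from the analysed file.

```python
"""Triage of an OOXML document carrying an Ole10Native (Package) object.

Added example for this report; it is not the analysis tool's code. Assumptions:
standard library only, and the OLE2 compound-file layer is skipped: a real
word/embeddings/oleObject1.bin is a CFB container whose '\\x01Ole10Native'
stream holds the layout parsed here (olefile would extract it), so the sample
document below embeds that stream directly. All sample data is constructed.
"""
import hashlib
import io
import struct
import zipfile


def list_embedded_parts(docx_bytes: bytes) -> list:
    """Zip entries under word/embeddings/ (what OOXML_OLE_OBJECT keys on)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        return sorted(n for n in zf.namelist() if n.startswith("word/embeddings/"))


def _read_cstr(buf: bytes, off: int):
    """Read a NUL-terminated byte string at off; return (text, offset past the NUL)."""
    end = buf.index(b"\x00", off)
    return buf[off:end].decode("latin-1"), end + 1


def parse_ole10native(stream: bytes) -> dict:
    """Parse an Ole10Native stream: label, filename, temp path and payload bytes.

    Layout: u32 total size, u16 flags (2 for a Package), NUL-terminated label,
    NUL-terminated filename, u16 flags2, u16 unknown, u32 temp-path length,
    NUL-terminated temp path, u32 payload size, payload. Length fields are
    bounds-checked rather than trusted, since a crafted stream can lie in them.
    """
    total_size, flags1 = struct.unpack_from("<IH", stream, 0)
    off = 6
    label, off = _read_cstr(stream, off)
    filename, off = _read_cstr(stream, off)
    flags2, unknown = struct.unpack_from("<HH", stream, off)
    off += 4
    temp_len = struct.unpack_from("<I", stream, off)[0]
    off += 4
    temp_path, off = _read_cstr(stream, off)  # read to the NUL; temp_len is advisory
    data_size = struct.unpack_from("<I", stream, off)[0]
    off += 4
    if data_size > len(stream) - off:
        raise ValueError("Ole10Native payload size exceeds stream length")
    return {
        "total_size": total_size,
        "is_package": flags1 == 2,
        "label": label,
        "filename": filename,
        "temp_path": temp_path,
        "temp_path_len_field": temp_len,
        "data": stream[off:off + data_size],
    }


def find_nop_sleds(buf: bytes, min_len: int = 20):
    """(offset, length) of each run of >= min_len consecutive 0x90 bytes (SC_NOP_SLED).

    A hit is a lead, not a verdict: 0x90 padding also shows up in benign binaries.
    """
    runs, i, n = [], 0, len(buf)
    while i < n:
        if buf[i] != 0x90:
            i += 1
            continue
        j = i
        while j < n and buf[j] == 0x90:
            j += 1
        if j - i >= min_len:
            runs.append((i, j - i))
        i = j
    return runs


def triage(docx_bytes: bytes) -> dict:
    """Per embedded part: package metadata, payload hash and NOP-sled hits."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in list_embedded_parts(docx_bytes):
            pkg = parse_ole10native(zf.read(name))  # assumption: raw stream, not CFB
            findings[name] = {
                "filename": pkg["filename"],
                "temp_path": pkg["temp_path"],
                "payload_sha256": hashlib.sha256(pkg["data"]).hexdigest(),
                "nop_sleds": find_nop_sleds(pkg["data"]),
            }
    return findings


# Constructed sample input for the example (not bytes from the analysed file).
SAMPLE_PAYLOAD = b"MZ" + b"\x00" * 10 + b"\x90" * 24 + b"\xcc" * 8 + b"\x90" * 5


def build_sample_stream(payload: bytes) -> bytes:
    """Wrap payload in a constructed Ole10Native stream laid out like a Package object."""
    temp = b"C:\\Users\\victim\\AppData\\Local\\Temp\\payload.bin\x00"
    body = struct.pack("<H", 2) + b"payload.bin\x00" * 2    # flags1=2, label, filename
    body += struct.pack("<HHI", 0, 3, len(temp)) + temp      # flags2, unknown, temp path
    body += struct.pack("<I", len(payload)) + payload
    return struct.pack("<I", len(body)) + body


def build_sample_docx(embedded_part: bytes) -> bytes:
    """Minimal OOXML zip with one embedded part (constructed; not a valid Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", embedded_part)
    return buf.getvalue()


SAMPLE_DOCX = build_sample_docx(build_sample_stream(SAMPLE_PAYLOAD))

if __name__ == "__main__":
    for part, info in triage(SAMPLE_DOCX).items():
        print(part, info)
```

Run as-is to triage the constructed sample. For a real carved artifact, pass the bytes of ooxml_oleobject_00_ole10native_00.bin to parse_ole10native() and its "data" to find_nop_sleds(); the recovered filename and temp path tell you what the package would drop and where. Treat a sled hit as a starting point and disassemble the bytes after the run before calling it shellcode.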