Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 7fda735be13605c0…

MALICIOUS

Office (OLE) / .DOC

Size: 124.5 KB
Created: 2010-05-27 17:06:00
Authoring application: Microsoft Office Word
MD5: d374c9a660169366e8aa1949ccab507b
SHA-1: a22d3e1b3786894df3a284b17b9a675b4bed5504
SHA-256: 7fda735be13605c01d2111f4cba148bfc8e01583eea70348102a988607a35b76
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment

The document itself discusses electrical steel, which appears to be a lure. The critical heuristic 'OLE_EMBEDDED_EXE' indicates a PE executable is embedded within the OLE document. This embedded executable is the primary indicator of malicious intent, likely serving as a downloader or initial payload. The 'SC_STR_SHELLEXEC' heuristic further suggests the embedded executable may be launched via ShellExecute.

Heuristics (2)

  • Embedded PE executable (severity: critical, ID: OLE_EMBEDDED_EXE)
    MZ/PE header found inside document — possible embedded executable
  • Reference to ShellExecute API (severity: high, ID: SC_STR_SHELLEXEC)
    Reference to ShellExecute API

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_office_00011bee.exe
          74a46a99324035dbfc69ad82a0efd8fe12b50ec9426c6af7cf038e3db525ce27
Kind: embedded-pe
Source: Office MZ+PE at offset 0x11BEE
Size: 54802 bytes