Verdict: MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1137.001 Office Application Build
The sample is a Microsoft Office document containing an embedded OLE package. This package is flagged as risky because it drops an executable payload, identified as a JAR file named PncRitaZJ5a2FWBVEJoaWPliZ4A6JMe57H.JAR. The presence of this embedded, executable artifact strongly suggests the document is designed to deliver malware. The document body is minimal, providing no further context on the lure.
Heuristics (3)
- Ole10Native package drops an auto-executable payload [critical, OFFICE_PACKAGE_RISKY_FILE]: the OLE Package displayName or fullPath ends in a directly auto-executable extension (a runnable binary, or a script that the default shell host runs on double-click). Embedding such a payload inside an Office document has no benign authoring use; it is a malware-delivery dropper.
- Suspicious extracted artifact [info, EXTRACTED_FILE_STATIC_TRIAGE]: one or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL [info, EMBEDDED_URL]: one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: http://schemas.openxmlformats.org/drawingml/2006/main (in document text, OLE body)
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 | Detection |
|---|---|---|---|---|---|
| ole10native_00.bin | ole-package | OLE Ole10Native stream: ObjectPool/_1694514582/Ole10Native | 241255 bytes | c09a0b2e7ac49143c47e2c40f4482f8b005350215fd2972d9c61d3fc127d8c7f | ClamAV: no threats found. Obfuscation or payload: likely (carved artifact entropy is 7.98, consistent with packed or encrypted content). |
| ole10native_00_PncRitaZJ5a2FWBVEJoaWPliZ4A6JMe57H.JAR | ole-package-payload | OLE Ole10Native payload: ObjectPool/_1694514582/Ole10Native; display_name=PncRitaZJ5a2FWBVEJoaWPliZ4A6JMe57H.JAR; full_path=C:\Users\MICROS~1\AppData\Local\Temp\{7509322A-E63A-4669-8A67-1253E665C46D}\PncRitaZJ5a2FWBVEJoaWPliZ4A6JMe57H.JAR; temp_path=; def_file= | 240430 bytes | 47701eab020ea7b3bb90cbf7d0f96c23ab10351f958fbf24ae60483248b1f000 | |