Office (OOXML) malware analysis — malicious · 8c28b520e3c06df8

MALICIOUS

Office (OOXML)

69.1 KB Created: 2017-05-22 22:37:00 UTC Authoring application: Microsoft Office Word 12.0000 First seen: 2021-05-29

MD5: 4fd96095c9478b8b31e7644f73ee41e1 SHA-1: 149be6c1ba57e1925dbe30246b16c9e228e2c31e SHA-256: 8c28b520e3c06df82963f6fa7bec8e671728491e2c0cd8cb9564a3ba0ada434f

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a signature indicating it is a phishing-related trojan. While no specific malicious URLs or scripts were extracted, the presence of embedded URLs within the document structure suggests an attempt to trick the user into navigating to external resources. The document body contains obfuscated text, which is likely a lure.

Heuristics 2

ClamAV: Doc.Phishing.Trojan-f0f00f1e320f0ff8-10045462-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Phishing.Trojan-f0f00f1e320f0ff8-10045462-0
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://schemas.openxmlformats.org/markup-compatibility/2006 In document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/officeDocument/2006/relationshipsIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/officeDocument/2006/mathIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/wordprocessingml/2006/mainIn document text (OOXML body / shared strings)
- http://schemas.microsoft.com/office/word/2006/wordmlIn document text (OOXML body / shared strings)

Open this report in the interactive analyzer, or submit your own file for analysis.