Malicious Office (OOXML) / .DOC — malware analysis report

Static analysis result for SHA-256 9ed29dd1f335994b…

Verdict: MALICIOUS
File type: Office (OOXML) / .DOC
Size: 345.9 KB
First seen: 2022-05-23
MD5: 264bb341d30b21d0ab86d8b6091c25d2
SHA-1: 934807404eb9fda1757d370d660abc1280c3209f
SHA-256: 9ed29dd1f335994b4300483705419c41cf7758000aa86f76923fc70b497ea20e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document body clearly indicates an advance-fee lottery scam, with language about unclaimed prize money and a large sum in euros. The embedded OLE objects further support the malicious assessment, as they may carry a payload or exploit. No scripts were extracted, but the lure itself is sufficient to classify the attack pattern.

Heuristics (2)

  • Advance-fee lottery/parcel scam lure (severity: high, rule: SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded OLE object (severity: medium, rule: OOXML_OLE_OBJECT)
    Document contains an embedded OLE object.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: ooxml_oleobject_00.bin
    SHA-256: b3a318ce16f5402c48630d8bfe42af8fe6ba0254c129e043bb11b31f2107e2c4
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: word/embeddings/oleObject0.bin
    Size: 565248 bytes
  • Filename: ooxml_oleobject_01.bin
    SHA-256: e57da60723135e3def53273e18aa776c1b0c0e9b8bb296c76d0acbcf2210ef22
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: word/embeddings/oleObject1.bin
    Size: 391680 bytes