MALICIOUS
80
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
The RTF document contains OLE object data and instructs the user to enable editing and macros, a common lure for malware delivery. The presence of suspicious extracted artifacts, identified as shellcode command strings, further indicates malicious intent. The embedded OLE objects are likely payloads or components of a downloader.
Heuristics 3
-
Suspicious extracted artifact high EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
OLE object data medium RTF_OBJDATARTF contains 2 \objdata section(s) — embedded OLE objects
-
Macro/content-enable lure medium SE_ENABLE_LUREDocument instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
objdata_00_off00000966.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x966 | 167982 bytes |
SHA-256: 74b9f63bea7d95fa5a55cc46eb123fe992f1dffabe1eee69649b4fd6520e091f |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Static shellcode analysis recovered command string(s): WScript.Shell"")")
|
|||
objdata_01_off0000514d.bin |
rtf-objdata-decoded | RTF \objdata at offset 0x514D | 167968 bytes |
SHA-256: 38eb8b5015d60306d831efb88e38fe72241a76902d94811203fd7f11c6f08b9c |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Static shellcode analysis recovered command string(s): WScript.Shell"")")
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.