Office (OOXML) / .DOC static analysis report

Static analysis result for SHA-256 a30100344e4f6c0a…

SUSPICIOUS

Office (OOXML) / .DOC

208.9 KB Created: 2020-07-15 06:26:00 UTC Authoring application: Microsoft Office Word 16.0000 First seen: 2026-05-28
MD5: 4c46ca8307da54b42c9328c21967dffe SHA-1: 656af3ce2a798632361131139956e499de130a58 SHA-256: a30100344e4f6c0a203f565cc8871116d652bb74a315196eb8a0bee7156d0b9c
50 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The document contains an external hyperlink and an external relationship, indicating an attempt to link to or load content from an external source. The external relationship points to a local file path, which is suspicious. No scripts were extracted, and the document body was truncated, limiting further analysis. The heuristics suggest a potential for malicious content loading.

Heuristics 3

  • External relationship high OOXML_EXTERNAL_REL
    External target in word/_rels/settings.xml.rels: file:///C:\Documents and Settings\rtuano0\Local Settings\Temporary Internet Files\Content.IE5\GIXWKIQR\Role Description
  • External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKS
    Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: https://www.psc.nsw.gov.au/workforce-management/capability-framework/the-capability-framework
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://www.psc.nsw.gov.au/workforce-management/capability-framework/the-capability-framework Document hyperlink
    • http://schemas.microsoft.com/office/word/2010/wordprocessingCanvasOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2014/chartexOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2015/9/8/chartexOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2015/10/21/chartexOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2016/5/9/chartexOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2016/5/10/chartexOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2016/5/11/chartexOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2016/5/12/chartexOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2016/5/13/chartexOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2016/5/14/chartexOOXML external relationship
    • http://schemas.openxmlformats.org/markup-compatibility/2006OOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2016/inkOOXML external relationship
    • http://schemas.microsoft.com/office/drawing/2017/model3dOOXML external relationship
    • http://schemas.openxmlformats.org/officeDocument/2006/relationshipsOOXML external relationship
    • http://schemas.openxmlformats.org/officeDocument/2006/mathOOXML external relationship
    • http://schemas.microsoft.com/office/word/2010/wordprocessingDrawingOOXML external relationship
    • http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingOOXML external relationship
    • http://schemas.openxmlformats.org/wordprocessingml/2006/mainOOXML external relationship
    • http://schemas.microsoft.com/office/word/2010/wordmlOOXML external relationship
    • http://schemas.microsoft.com/office/word/2012/wordmlOOXML external relationship
    • http://schemas.microsoft.com/office/word/2016/wordml/cidOOXML external relationship
    • http://schemas.microsoft.com/office/word/2015/wordml/symexOOXML external relationship
    • http://schemas.microsoft.com/office/word/2010/wordprocessingGroupOOXML external relationship
    • http://schemas.microsoft.com/office/word/2010/wordprocessingInkOOXML external relationship
    • http://schemas.microsoft.com/office/word/2006/wordmlOOXML external relationship
    • http://schemas.microsoft.com/office/word/2010/wordprocessingShapeOOXML external relationship
    • http://ns.adobe.com/xap/1.0/OOXML external relationship
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#OOXML external relationship
    • http://ns.adobe.com/xap/1.0/mm/OOXML external relationship
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent#OOXML external relationship
    • http://purl.org/dc/elements/1.1/OOXML external relationship
    • http://ns.adobe.com/photoshop/1.0/OOXML external relationship