Verdict: MALICIOUS
Risk Score: 80
Malware Insights
MITRE ATT&CK
T1559 Component Object Model
T1559.001 Component Object Model
The file is an RTF document identified as malicious. Static analysis revealed the presence of multiple embedded OLE objects, specifically identified as 'Package' objects. These objects are often used to disguise and deliver malicious payloads. While no scripts were extracted, the structure strongly indicates an attempt to exploit OLE object handling to execute arbitrary code.
Heuristics 4
| Heuristic | Severity | ID | Detail |
|---|---|---|---|
| Package object class | high | RTF_OBJCLASS_PACKAGE | OLE Package object — can wrap arbitrary files |
| OLE object data | medium | RTF_OBJDATA | RTF contains 3 \objdata section(s) — embedded OLE objects |
| Embedded OLE object | medium | RTF_OBJEMB | RTF contains \objemb — embedded OLE object |
| Embedded URL | info | EMBEDDED_URL | One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1134\margr1134\margt1417\margb1134\gutter0\ltrsect |
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| objdata_00_off00002c26.bin (6982992cd3660d18e33c0594a5b113c794164a17d2363c6687079b3e65497114) | rtf-objdata-decoded | RTF \objdata at offset 0x2C26 | 2373 bytes |
| objdata_01_off0000b768.bin (2ecd264ed476b56973cab7ea1abf674a7632f3fb1eb477c94177decdb1413ba4) | rtf-objdata-decoded | RTF \objdata at offset 0xB768 | 10940 bytes |
| objdata_02_off0001859e.bin (eb1fcd252eda0201b522df517fbb9506b0716339b5087c16f8445a4fa4a50295) | rtf-objdata-decoded | RTF \objdata at offset 0x1859E | 11006 bytes |