MALICIOUS
Risk Score: 102
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
The sample contains heuristics indicating an external OLE object relationship pointing to an HTA file hosted on the IP address 97.64.28.21. This suggests the document is designed to trick the user into downloading and executing a malicious script from the specified URL, likely as part of a phishing campaign.
Heuristics (3)
- MSHTML-style external object relationship (critical, OFFICE_MSHTML_EXTERNAL_OBJECT): External relationship to http://97.64.28.21/web/02.hta — exploitable MSHTML/CAB/MHTML/HTA-style Office attack surface
- External OLE object relationship (high, OOXML_EXTERNAL_OLE_OBJECT): Document contains an oleObject relationship whose target is an external HTTP(S) URL. Office resolves this through OLE/object update paths rather than as a normal user-clicked hyperlink.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://97.64.28.21/web/02.hta: In document text (OOXML body / shared strings)