Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 add44f7f988305fd…

Verdict: MALICIOUS
File type: Office (OLE)
Size: 23.5 KB
Created (document metadata): 2017-10-30 13:08:00
Authoring application: Microsoft Office Word
First seen: 2017-11-13
MD5: 0623b81793d288d085cbf74cc3bd6cc3
SHA-1: a760703a7b9b4aa95eda3bccf4a5fbb49c2c845f
SHA-256: add44f7f988305fd18bec398ce6bc981462248d5e4fde99f030e1bb53a173ec5
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The sample is a malicious Word document that abuses Dynamic Data Exchange (DDE), a legitimate Office field mechanism, to execute commands; no memory-corruption exploit is involved. The document body explicitly contains a DDEAUTO field that names cmd.exe as the DDE server, and that cmd.exe invocation in turn runs calc.exe. calc.exe is a proof-of-concept payload: the same field can carry any command line or downloader, so the document represents an attempt at arbitrary command execution on the victim's machine, most likely delivered as a spearphishing attachment. DDEAUTO fires when the document is opened, but Word first asks the user whether to update linked data and then warns that the remote data is not accessible and asks whether to start cmd.exe, so execution still depends on the user accepting both prompts. Word allowed DDE by default when this sample was first seen; Microsoft's ADV170021 (December 2017) later added a registry setting that disables it.
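The report states that the DDEAUTO field sits in plain text in the document body, which is what makes this family easy to triage once the text is extracted. The following is an added example, not code from the analysis platform or from any vendor tool: it scans already-extracted document text for DDE/DDEAUTO field code, joins split OOXML `<w:instrText>` runs (a common evasion) so the check also covers .docx, and rates any field whose DDE server is a command interpreter as high. The field text, paths and XML below are constructed for illustration and are not the field recovered from this sample; the launcher list is an assumption, not a standard.

```python
"""Find Word DDE / DDEAUTO field code in text extracted from an Office file.

Added example for this report, not code from the analysis platform or from
any vendor tool. It works on text that has already been pulled out of the
document: for an OLE (.doc) file, the text of the WordDocument stream; for
OOXML (.docx), the contents of word/document.xml. All sample inputs below
are constructed for illustration and are not the field text recovered
from the sample in this report.
"""
import re
from dataclasses import dataclass
from typing import List

# In the binary .doc text stream a field is bracketed by control characters:
# 0x13 (field begin), 0x14 (separator between code and result), 0x15 (end).
FIELD_BEGIN, FIELD_SEP, FIELD_END = "\x13", "\x14", "\x15"

# OOXML stores the same field code in <w:instrText> runs, which an author
# (or attacker) may split arbitrarily, e.g. "DD" + "EAUTO", so the runs
# must be joined before matching.
_INSTR_TEXT = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)

# DDE or DDEAUTO, then the server application (quoted or bare path), then
# everything up to the field separator/end as the topic/arguments.
_DDE_FIELD = re.compile(
    r"\bDDE(?P<auto>AUTO)?\b\s+(?P<app>\"[^\"]*\"|\S+)\s*(?P<rest>[^\x14\x15]*)",
    re.I,
)

# Assumed list of targets that mean "run a command", not "pull data from a
# spreadsheet". Extend to taste; it is a triage aid, not a standard.
COMMAND_LAUNCHERS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe",
}


@dataclass
class DdeField:
    auto: bool          # DDEAUTO fires on open; plain DDE needs a field update
    application: str    # DDE server the field asks Word to start
    arguments: str      # topic/item text handed to that application


def join_instr_text(document_xml: str) -> str:
    """Concatenate every <w:instrText> run into one field-code string."""
    return "".join(_INSTR_TEXT.findall(document_xml))


def find_dde_fields(text: str) -> List[DdeField]:
    """Return every DDE/DDEAUTO field found in extracted document text."""
    flat = text.replace("\r", " ").replace("\n", " ")
    found = []
    for m in _DDE_FIELD.finditer(flat):
        app = m.group("app").strip('"')
        rest = " ".join(m.group("rest").split())   # collapse padding whitespace
        found.append(DdeField(bool(m.group("auto")), app, rest))
    return found


def triage(field: DdeField) -> str:
    """'high' when a command interpreter or LOLBin is the DDE server (or is
    named in the arguments), otherwise 'review'. Any DDEAUTO deserves a
    look, but a link into Excel may be legitimate, hence the second tier."""
    exe = re.split(r"[\\/]", field.application.lower())[-1]
    args = field.arguments.lower()
    if exe in COMMAND_LAUNCHERS or any(l in args for l in COMMAND_LAUNCHERS):
        return "high"
    return "review"


# --- constructed sample inputs (not recovered from the real sample) -------

SAMPLE_OLE_TEXT = (
    "Invoice attached.\r"
    + FIELD_BEGIN
    + 'DDEAUTO c:\\windows\\system32\\cmd.exe "/k calc.exe"'
    + FIELD_SEP + "Error! Unknown document property name." + FIELD_END
)

SAMPLE_DOCUMENT_XML = (
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DD</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">EAUTO </w:instrText></w:r>'
    '<w:r><w:instrText>c:\\windows\\system32\\cmd.exe</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve"> "/k calc.exe"</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
)

SAMPLE_BENIGN_TEXT = "Quarterly figures follow; see the attached spreadsheet."


def scan_all():
    """Run the constructed samples and return (field, verdict) pairs."""
    results = []
    for text in (SAMPLE_OLE_TEXT,
                 join_instr_text(SAMPLE_DOCUMENT_XML),
                 SAMPLE_BENIGN_TEXT):
        for f in find_dde_fields(text):
            results.append((f, triage(f)))
    return results


if __name__ == "__main__":
    for field, verdict in scan_all():
        kind = "DDEAUTO" if field.auto else "DDE"
        print(f"[{verdict}] {kind} -> {field.application} {field.arguments}")
```

The matcher is deliberately permissive (prose such as "the DDE protocol" would also match, with "protocol" as the application), so the triage step, not the match itself, is what should drive an alert. For real files, oletools' `msodde` parses the OLE and OOXML containers directly and handles the field encoding; the example above is only meant to show what that tool is looking for.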

Heuristics (2)

  • ClamAV: Doc.Dropper.Agent-6369226-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Dropper.Agent-6369226-0
  • Embedded URL info (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main (in document text, OLE body). This is the DrawingML XML namespace identifier and occurs in any Office document that carries OOXML drawing markup; it is not a download or callback address and adds nothing to the verdict.