Verdict: MALICIOUS
Risk Score: 102
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
The sample contains heuristics indicating the presence of an external OLE object pointing to an HTA file. This HTA file is hosted on the IP address 97.64.28.21. The document likely attempts to trick the user into downloading and executing this HTA file, which is a common method for delivering malicious payloads.
Heuristics (3)
- MSHTML-style external object relationship [critical] (OFFICE_MSHTML_EXTERNAL_OBJECT): External relationship to http://97.64.28.21/web/01.hta — exploitable MSHTML/CAB/MHTML/HTA-style Office attack surface.
- External OLE object relationship [high] (OOXML_EXTERNAL_OLE_OBJECT): Document contains an oleObject relationship whose target is an external HTTP(S) URL. Office resolves this through OLE/object update paths rather than as a normal user-clicked hyperlink.
- Embedded URL [info] (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: http://97.64.28.21/web/01.hta (in document text: OOXML body / shared strings)