Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 be162c600adc1f5f…

MALICIOUS

Office (OLE) / .DOC

Size: 108.5 KB
Created: 2025-01-14 23:07:00
Authoring application: Microsoft Office Word
First seen: 2025-02-11
MD5: 66dde192f25ef4e186dc16216f0ee309
SHA-1: a8ca6682387e41c1d9f4c64ddcab128af8124d11
SHA-256: be162c600adc1f5fff865ad7fbf1302d5b2f68733eadecfe0ba9efabd66a7759
Risk Score: 82

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The sample exhibits characteristics of an advance-fee scam, using language related to lotteries, prizes, and parcel delivery to deceive the user. A high-severity heuristic also detected a reference to PowerShell, suggesting potential for malicious script execution. While no specific malware family is identified, the combination of the lure and the PowerShell reference indicates a likely malicious intent to trick the user into a fraudulent transaction.

Heuristics (3)

  • Reference to PowerShell (severity: high, SC_STR_POWERSHELL)
    Reference to PowerShell
  • Advance-fee lottery/parcel scam lure (severity: high, SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://schemas.openxmlformats.org/drawingml/2006/main
    • http://schemas.openxmlformats.org/officeDocument/2006/bibliography
    • http://schemas.openxmlformats.org/officeDocument/2006/customXml