Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 c0bf7ea65610117b…

MALICIOUS

Office (OLE) / .DOC

80.5 KB
MD5: 7ee4958b70cf333616dce55936f5c232
SHA-1: 84cc5a66bf53c7e5790bf62a465d2da1b34cfe46
SHA-256: c0bf7ea65610117b1781821ce6d3664bec277a8391375e064f2c3093e5d2c8ad
Risk Score: 140

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The sample is an Office document containing an embedded PE executable. Heuristics indicate references to LoadLibrary and GetProcAddress APIs, common in malware execution. The embedded executable is the primary indicator of malicious intent, suggesting a downloader or dropper functionality. The document body itself appears to be benign academic text, indicating a lure.

Heuristics 3

  • Embedded PE executable (severity: critical, rule: OLE_EMBEDDED_EXE)
    MZ/PE header found inside document; possible embedded executable
  • Reference to LoadLibrary API (severity: high, rule: SC_STR_LOADLIBRARY)
    Reference to LoadLibrary API
  • Reference to GetProcAddress API (severity: high, rule: SC_STR_GETPROCADDRESS)
    Reference to GetProcAddress API

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: embedded_office_0000e000.exe
SHA-256: aa482e9827a3d9be996e3b3a383e61f923242f07957258898eb234aff5e7e7f4
Kind: embedded-pe
Source: Office MZ+PE at offset 0xE000
Size: 25088 bytes