Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 c246066ba672ea9e…

MALICIOUS

Office (OLE) / .DOC

43.5 KB Created: 2021-02-12 03:03:00 Authoring application: Microsoft Office Word
MD5: 2419f500c59b4ec968d70e55da81ba4f SHA-1: 55710360278839a19c0ce9b8683b34192228c6ed SHA-256: c246066ba672ea9e8e0879f3f163c06b65ae73ab034261027712b51b1142d026
100 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1059.003 Windows Command Shell

The file is a malicious OLE document containing a batch script embedded within an Ole10Native object. Heuristics indicate a potential exploitation of CVE-2026-21514 and the presence of a risky file type (batch script). The document also contains a lure to enable macros or editing, suggesting it's a dropper designed to execute the embedded batch file.

Heuristics 4

  • OLE with Ole10Native — possible CVE-2026-21514 exploitation high CVE likely CVE_2026_21514
    Document contains a Word OLE object with Ole10Native plus executable, PE, or risky remote-link indicators. CVE-2026-21514 exploits OLE metadata validation; this stronger structure is treated as likely exploitation.
  • Ole10Native package carries executable/script file type high OFFICE_PACKAGE_RISKY_FILE
    OLE Package displayName or fullPath ends in an executable or script-capable extension. Even without UI extension spoofing, embedding a runnable payload inside an Office document is a high-risk delivery pattern.
  • Macro/content-enable lure medium SE_ENABLE_LURE
    Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
ole10native_00.bin
3a7d0b9d8bb0a5956f05610580926ec7bae44d56496e2334a70be474ea40aa68		 ole-package OLE Ole10Native stream: ObjectPool/_1675638362/Ole10Native 24112 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.