Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 d035eeaf095adeb7…

MALICIOUS

Office (OLE) / .DOC

33.0 KB
MD5: d6fa1bfbd4cac72015e69bb14ed035cd
SHA-1: c3b008a9de14bb00e4e39089fc27ebf7bfa71ce8
SHA-256: d035eeaf095adeb7c269707676e0ac6c943aa90f05f67ae85e115904965738b9
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1559.001 Component Object Model Hijacking

The file is a Microsoft Office document that contains an embedded Portable Executable (PE) file. This is a common technique for delivering malware, where the user is tricked into opening the document and then executing the embedded payload. No scripts were extracted, and the document body content does not provide further clues on the specific lure.

Heuristics 2

  • [critical] Embedded PE executable (OLE_EMBEDDED_EXE)
    MZ/PE header found inside document — possible embedded executable
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.w3.org/2001/XMLSchema-instance

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
embedded_office_00005000.exe (1706f247c01428eb279126678948052a3fec21de7a7caefe34fedec17418feac) | embedded-pe | Office MZ+PE at offset 0x5000 | 13312 bytes