Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 d4d44991fb95ff7d…

MALICIOUS

Office (OLE) / .DOC

Size: 108.0 KB
Created: 2023-06-09 19:53:00
Authoring application: Microsoft Office Word
First seen: 2023-07-22
MD5: ee541050dbc072d38c87cbd751b08f19
SHA-1: 70eda21639b31f5188b955dc8b4e629c712904e2
SHA-256: d4d44991fb95ff7d8c19bd7af4477eef5dca0a849fffd61b74eb645645b3bb70
Risk Score: 62

Malware Insights

MITRE ATT&CK: T1059.005 Visual Basic

The document contains explicit language related to winning a lottery and requiring payment for processing, which is a common advance-fee scam. The presence of an XLM macro sheet indicates a potential for malicious automation, although no specific malicious script was extracted. The embedded URL is confirmed benign and likely decorative.

Heuristics (3)

  • Advance-fee lottery/parcel scam lure (severity: high, rule: SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main