Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 d6acc7850da4da43…

MALICIOUS

Office (OLE) / .DOC

Size: 3.5 KB
First seen: 2022-08-08
MD5: b56f16c5bb4a8b885d7540ea580fe919
SHA-1: e1be6630041db54eb1f1f32d74c9c01e842d26c9
SHA-256: d6acc7850da4da437b24d0943d01525f35f65b5c47da0a39ce05bbb4b9d51935
Risk score: 80

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution
T1059.003 Command and Scripting Interpreter: Windows Command Shell

The sample embeds an Equation Editor OLE object (CLSID 0002CE02-0000-0000-C000-000000000046), the delivery vector used by CVE-2017-11882 and CVE-2018-0802 exploits against EQNEDT32.EXE, the separate process Office launches to render such objects. A string heuristic also found a cmd.exe invocation with an execution flag, which is consistent with a successful overflow returning into code that runs a shell command line. No network indicators, dropped-file paths or document body text were recovered, so the command line itself and any second stage are unknown; the verdict rests on the two heuristics below. To confirm exploitation rather than mere presence of the object, extract the object's Equation Native stream with a CFB-aware tool (for example oledump.py) and inspect the MTEF records it contains.

Heuristics (2)

  • Equation Editor OLE object (severity: high, CVE-related) OLE_EQUATION_EDITOR
    Contains an Equation Editor object, the delivery vector for CVE-2017-11882 / CVE-2018-0802 exploitation. The CLSID alone is not the exploit primitive: that is a malformed MTEF record in the object's Equation Native stream (for CVE-2017-11882, an over-long FONT record name that overflows a stack buffer in EQNEDT32.EXE), which this static pass did not confirm.
  • Suspicious cmd.exe invocation with execution flag (severity: high) SC_STR_CMD
    A string matching cmd.exe followed by an execution flag (/c or /k) was found, i.e. a shell command line rather than a bare reference to the binary. The command text was not recovered, so the payload it launches is unknown.
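As an added triage example (not part of this report or of the analysis engine that produced it), the Python below reproduces the two heuristics above over raw file bytes and adds the MTEF check the first caveat asks for: it locates the EQNOLEFILEHDR that prefixes Equation Native data and measures the FONT record's name, which CVE-2017-11882 exploits overflow. The 40-byte threshold, the heuristic name MTEF_OVERSIZED_FONT_NAME, the cmd.exe command line in the malicious blob, and both sample blobs themselves are constructed assumptions; the code does not parse CFB sectors, so on a real .doc (read the file into `data`) it can miss data split across non-contiguous sectors and should be treated as a first pass, not as proof.

```python
"""Added triage example: raw-byte checks for the Equation Editor and cmd.exe heuristics."""
import re
import struct
import uuid

# Equation Editor 3.0 CLSID; OLE directory entries store it as a binary little-endian GUID.
EQNEDT_CLSID = uuid.UUID("0002CE02-0000-0000-C000-000000000046").bytes_le
# CFB stores stream names as UTF-16LE; "Equation Native" carries the MTEF equation data.
EQN_NATIVE_NAME = "Equation Native".encode("utf-16-le")
# EQNOLEFILEHDR (28 bytes) starts with cbHdr = 0x001C and version = 0x00020000.
EQN_HDR_MAGIC = b"\x1c\x00\x00\x00\x02\x00"
EQN_HDR_LEN = 28
MTEF_HDR_LEN = 5        # version, platform, product, product version, product subversion
MTEF_FONT_TAG = 0x08    # FONT record: tag, tface, style, NUL-terminated font name
FONT_NAME_LIMIT = 40    # assumed triage threshold; legitimate font names are far shorter
CMD_PATTERN = r"cmd(?:\.exe)?\s+/[ck]\b"   # cmd.exe followed by an execution flag (/c or /k)
CMD_RE_BYTES = re.compile(CMD_PATTERN.encode(), re.IGNORECASE)
CMD_RE_TEXT = re.compile(CMD_PATTERN, re.IGNORECASE)


def mtef_font_names(mtef_body):
    """Heuristic FONT-record extraction from an MTEF byte stream (not a full MTEF parser)."""
    pattern = re.compile(bytes([MTEF_FONT_TAG]) + rb"..([^\x00]*)\x00", re.DOTALL)
    return [m.group(1) for m in pattern.finditer(mtef_body)]


def scan_ole_bytes(data):
    """Run the report's two heuristics plus the MTEF font-name check over raw document bytes."""
    findings = {
        "equation_clsid": EQNEDT_CLSID in data,
        "equation_native_stream": EQN_NATIVE_NAME in data,
        "oversized_font_names": [],
        "cmd_invocations": [],
    }
    for m in re.finditer(re.escape(EQN_HDR_MAGIC), data):
        start = m.start()
        if start + EQN_HDR_LEN > len(data):
            break
        cb_object = struct.unpack_from("<I", data, start + 8)[0]  # MTEF length after the header
        mtef = data[start + EQN_HDR_LEN:start + EQN_HDR_LEN + cb_object]
        for name in mtef_font_names(mtef[MTEF_HDR_LEN:]):
            if len(name) > FONT_NAME_LIMIT:
                findings["oversized_font_names"].append(len(name))
    # cmd.exe may be stored as ASCII or as UTF-16LE; try both byte alignments for the latter.
    hits = {m.group(0).decode("latin-1") for m in CMD_RE_BYTES.finditer(data)}
    for offset in (0, 1):
        text = data[offset:].decode("utf-16-le", errors="ignore")
        hits.update(m.group(0) for m in CMD_RE_TEXT.finditer(text))
    findings["cmd_invocations"] = sorted(hits)
    return findings


def triggered(findings):
    """Map findings to heuristic names; MTEF_OVERSIZED_FONT_NAME is an assumed name, not the report's."""
    names = []
    if findings["equation_clsid"] or findings["equation_native_stream"]:
        names.append("OLE_EQUATION_EDITOR")
    if findings["oversized_font_names"]:
        names.append("MTEF_OVERSIZED_FONT_NAME")
    if findings["cmd_invocations"]:
        names.append("SC_STR_CMD")
    return names


def build_sample(font_name, trailing):
    """Constructed test blob holding only the fields the heuristics inspect; not a valid CFB file."""
    mtef = bytes([3, 1, 1, 1, 1]) + bytes([MTEF_FONT_TAG, 0x5A, 0x5A]) + font_name + b"\x00" + b"\x00"
    header = struct.pack("<HIHI", 0x1C, 0x00020000, 0xC4A9, len(mtef)) + b"\x00" * 16
    return EQNEDT_CLSID + EQN_NATIVE_NAME + header + mtef + trailing


BENIGN_SAMPLE = build_sample(b"Times New Roman", b"")
# Hypothetical command line modelled on public CVE-2017-11882 PoCs; not recovered from this sample.
MALICIOUS_SAMPLE = build_sample(b"A" * 48, b"cmd.exe /c start %TEMP%\\stage2.exe")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_SAMPLE), ("malicious", MALICIOUS_SAMPLE)):
        print(label, triggered(scan_ole_bytes(blob)))
```

The benign blob trips only OLE_EQUATION_EDITOR, exactly the situation the caveat describes (a legitimate equation object carries the same CLSID); the malicious blob additionally trips the font-name and cmd.exe checks. The font-name length is the signal worth escalating on: a CLSID hit with a short FONT name is a document that uses Equation Editor, not one that exploits it.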