Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 dce682c632f92610…

MALICIOUS

Office (OLE)

Size: 16.4 KB
First seen: 2021-01-15
MD5: e89fb70f0a8c00e77d922e9d6da24692
SHA-1: 2e53d771c57c5468134286f273eeecb6c8fbf6d5
SHA-256: dce682c632f926107894ff99b746ed36264077d7d504c76b28725ee044c690ff
Risk Score: 202

Heuristics (5)

  • Word local-zone ADODB.Recordset exploit — CVE-2015-0097 critical CVE likely CVE_2015_0097
    Word/OLE document contains the CVE-2015-0097 public exploit chain: MSScriptControl/HTML script execution reaches ADODB.Recordset.Save and writes an HTA/VBS stage into the user's Startup folder.
  • ClamAV: Doc.Dropper.Agent-7463164-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-7463164-0
  • Reference to Windows Script Host high SC_STR_WSCRIPT
    Reference to Windows Script Host
  • Reference to mshta.exe high SC_STR_MSHTA
    Reference to mshta.exe
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.new.searchneasy.com/system/logs/ In document text (OLE body)