Office (OOXML) / .DOC static analysis report

Static analysis result for SHA-256 dead2a6669f26b40…

SUSPICIOUS

Office (OOXML) / .DOC

  • Size: 281.5 KB
  • Created: 2023-06-08 11:02:00 UTC
  • Authoring application: Microsoft Office Word 16.0000
  • First seen: 2023-06-13
  • MD5: 33831f795ba617bca690c4df364cb54e
  • SHA-1: 6a57710594cf7e3c0e8b5be9fbbbb6187eb790b9
  • SHA-256: dead2a6669f26b4029fd444608a068c29a1fcf70b1e51abed06e699edf155590
  • Risk Score: 50

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file contains external hyperlinks and an external relationship pointing to a remote resource and a local template file, respectively. These indicators suggest an attempt to load external content, which is a common technique for delivering malware. The presence of these elements, combined with the 'suspicious' verdict, indicates a high likelihood of malicious intent, possibly involving the download of a second-stage payload.

Heuristics (3)

  • External relationship (severity: high): OOXML_EXTERNAL_REL
    External target in word/_rels/settings.xml.rels: file:///C:\Users\kstamnielsen\AppData\Local\Temp\3\Templafy\WordVsto\x4vhc3bd.dotx
  • External hyperlinks (2) (severity: low): OOXML_EXTERNAL_HYPERLINKS
    Document contains 2 external hyperlinks — clickable URLs are stored as external relationships. First target: https://osf.io/3pt5k
  • Embedded URL (severity: info): EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.