Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 e03a7b921d3ebd2e…

MALICIOUS

Office (OLE) / .DOC

Size: 1.21 MB
Created: 2021-12-07 15:54:00
Authoring application: Microsoft Office Word
MD5: 8829fbb9f6c18f5efee3bda323e89cee
SHA-1: 8e3c43f0b0e404470c63af05bc668950aa6fa70b
SHA-256: e03a7b921d3ebd2e5d1f850933f956813abf8abd23d42451f2df9b32e1f8c178
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is a malicious DOC file containing VBA macros. The AutoOpen macro is present and attempts to write to files in a suspicious directory, 'c:\.intel\.rem\'. The script also reconstructs the path 'c:\.intel\.rem\1.png' and appears to be preparing to write obfuscated content to it, likely to download and execute a second-stage payload. The presence of the AutoOpen macro and the file-writing behavior strongly suggest malicious intent.

Heuristics 2

  • AutoOpen macro (high, OLE_VBA_AUTOOPEN)
    AutoOpen macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
fd7bf5e86b7add43990190c4b572175f943d59f971c440a7b56dda67fd9d96df
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 49451 bytes