Malicious Office (OOXML) / .DOCX — malware analysis report

Static analysis result for SHA-256 e82f8410952e737f…

MALICIOUS

Office (OOXML) / .DOCX

379 B
MD5: 492398b72fb3e627e74b5c797f50676c
SHA-1: ead0e73b2528fc55e0d68a97999e669bf37361cc
SHA-256: e82f8410952e737fa339bd2e35ea78440108f190b636d4183c2dce3c73e441ed
60 Risk Score

Malware Insights

MITRE ATT&CK
  • T1204 Malicious Link
  • T1059 Command and Scripting Interpreter

The OOXML document contains a high-severity heuristic indicating remote template injection. The malicious URL http://91.92.240.104:7777/apexfurllc.top/invoicegen/officedocuments.doc is present and likely serves as a lure to download a secondary payload. No scripts were extracted, but the presence of the remote template strongly suggests a downloader or exploit delivery mechanism.

Heuristics 2

  • Remote template injection (severity: high; ID: OOXML_REMOTE_TEMPLATE)
    Standalone relationship XML references a remote template URL (http://91.92.240.104:7777/apexfurllc.top/invoicegen/officedocuments.doc). This is the same attachedTemplate/template relationship shape used for remote-template injection in OOXML packages.
    URL http://91.92.240.104:7777/apexfurllc.top/invoicegen/officedocuments.doc
  • Standalone OOXML relationship file (severity: medium; ID: OOXML_STANDALONE_RELS)
    File is raw OOXML relationship XML rather than a valid OOXML ZIP package. This malformed Office-extension payload still declares an external relationship and should be reviewed as relationship-based Office content.
    URL http://91.92.240.104:7777/apexfurllc.top/invoicegen/officedocuments.doc
    • http://schemas.openxmlformats.org/package/2006/relationships
    • http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate