Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 ea48e89f867a945a…

MALICIOUS

Office (OLE) / .DOC

Size: 140.0 KB
Created: 2017-05-18 03:38:00
Authoring application: Microsoft Office Word
First seen: 2022-06-17
MD5: be8219a80e3c0ab59226b2fbad2e441f
SHA-1: a07a57ccf59cdeb00bd869e85c2fb02e0bd65c78
SHA-256: ea48e89f867a945ad7c723a44eb7120edafe1f19a6699a101ada14208025cf8d
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The sample triggers a high-severity heap-spray heuristic, indicating an attempt to exploit a memory corruption vulnerability. A NOP sled was also detected; NOP sleds are commonly used together with heap spraying to make shellcode execution more reliable. The presence of a URL of unknown reputation suggests a potential command-and-control or payload-delivery vector.

Heuristics (3)

  • Heap-spray pattern detected (severity: high, rule: SC_HEAP_SPRAY)
    Repeated 0x04 bytes found
  • NOP-equivalent sled detected (severity: medium, rule: SC_NOP_EQUIV_SLED)
    Long run of 0x40 bytes
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://schemas.openxmlformats.org/drawingml/2006/main
    • http://schemas.openxmlformats.org/officeDocument/2006/bibliography
    • http://schemas.openxmlformats.org/officeDocument/2006/customXml