Win.Trojan.Emotet-6397178-0 Office (OLE) malware analysis — malicious · edf105c6d7895c3d

MALICIOUS

Office (OLE)

59.5 KB Created: 2017-10-02 18:38:00 Authoring application: Microsoft Office Word First seen: 2017-10-28

MD5: 885b8020f1f25556ced313b309b94ddb SHA-1: 2e2ad4284ee041a9a0ebc1994b2a15fcd26b8b72 SHA-256: edf105c6d7895c3db65c584641686e8170fa2d1c0b8eedd62840083946d183fb

102 Risk Score

Malware Insights

Win.Trojan.Emotet-6397178-0 · confidence 95%

MITRE ATT&CK

T1059.001 PowerShell

The file was detected as Win.Trojan.Emotet-6397178-0 by ClamAV. A heuristic firing indicates a reference to PowerShell, a common tool for executing malicious scripts and downloading further payloads. The embedded URL, though benign, is noted as part of the document's structure.

Heuristics 3

ClamAV: Win.Trojan.Emotet-6397178-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Emotet-6397178-0
Reference to PowerShell high SC_STR_POWERSHELL

Reference to PowerShell
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Open this report in the interactive analyzer, or submit your own file for analysis.