Office (OLE) / .DOC malware analysis — malicious · f25473d3580087be

MALICIOUS

Office (OLE) / .DOC

38.5 KB Created: 2009-04-28 08:43:00 Authoring application: Microsoft Word 11.0

MD5: 2ca3046aaeb45e21a10ffb932fa7fc72 SHA-1: 570b2a3ab52080023774855a41c60fba5a5fc664 SHA-256: f25473d3580087be5ee780df246a87169a8453313c533abbd0d3465e4cc50ed2

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications T1566.001 Spearphishing Attachment

The file is a Microsoft Word document containing VBA macros, specifically a Document_Open macro, which is a common technique for initiating malicious actions upon opening. The document body discusses an award for a wine estate, likely a lure to encourage macro execution. The ClamAV detection as 'Doc.Trojan.Thus-16' further confirms its malicious nature. No specific IOCs like URLs or hashes were extracted, but the presence of a Document_Open macro strongly suggests the intent to download and execute a second-stage payload.

Heuristics 3

ClamAV: Doc.Trojan.Thus-16 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Trojan.Thus-16
Document_Open macro high OLE_VBA_DOCOPEN

Document_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `c81de14ec1856f92a57163090a7172bfa537864b7f3cbbd8d153ff42957fc2db`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1903 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.