Office (OOXML) / .DOC static analysis report

Static analysis result for SHA-256 f5d2b429bf603e18…

SUSPICIOUS

Office (OOXML) / .DOC

58.5 KB Created: 2021-08-07 22:17:00 UTC Authoring application: Microsoft Macintosh Word 14.0000 First seen: 2026-05-25
MD5: aba2fc9406db4869e167bf61a7c76ae2 SHA-1: 601d00c1ac1dc134e31ee56c7c92a4daf69d5033 SHA-256: f5d2b429bf603e18730ba3294317913e860d07de64586f9a48bca8680fd34780
30 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.001 User Execution: Malicious Link

The document presents itself as an invitation to a business ethics seminar offering CPE credits. However, the heuristic 'SE_CALLBACK_LURE' indicates that the document contains a phone number intended for billing, refund, subscription, fraud, or security contexts. This strongly suggests a callback phishing or tech-support scam, where the user is prompted to call a fraudulent number. No scripts were extracted from this sample.

Heuristics 3

  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
  • External hyperlinks (6) low OOXML_EXTERNAL_HYPERLINKS
    Document contains 6 external hyperlinks — clickable URLs are stored as external relationships. First target: about:blank
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://www.nasbaregistry.org/registry-forms--policies/fields-of-study Document hyperlink
    • http://schemas.microsoft.com/office/word/2010/wordprocessingCanvasDocument hyperlink
    • http://schemas.microsoft.com/office/mac/office/2008/mainDocument hyperlink
    • http://schemas.openxmlformats.org/markup-compatibility/2006Document hyperlink
    • http://schemas.openxmlformats.org/officeDocument/2006/relationshipsDocument hyperlink
    • http://schemas.openxmlformats.org/officeDocument/2006/mathDocument hyperlink
    • http://schemas.microsoft.com/office/word/2010/wordprocessingDrawingDocument hyperlink
    • http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingDocument hyperlink
    • http://schemas.openxmlformats.org/wordprocessingml/2006/mainDocument hyperlink
    • http://schemas.microsoft.com/office/word/2010/wordmlDocument hyperlink
    • http://schemas.microsoft.com/office/word/2010/wordprocessingGroupDocument hyperlink
    • http://schemas.microsoft.com/office/word/2010/wordprocessingInkDocument hyperlink
    • http://schemas.microsoft.com/office/word/2006/wordmlDocument hyperlink
    • http://schemas.microsoft.com/office/word/2010/wordprocessingShapeDocument hyperlink