Malicious Office (OOXML) / .DOCX — malware analysis report

Static analysis result for SHA-256 f6e84ce295b26567…

MALICIOUS

Office (OOXML) / .DOCX

340 B
MD5: 312330642644de91fb00675b2b7d7c02
SHA-1: 8bf4583b53188878ba069aaaebcf783b3e2a8704
SHA-256: f6e84ce295b265679751efcef522d524dfe2f8bef55d3959ddd7ce2054ba063b

Risk Score: 60

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The OOXML_REMOTE_TEMPLATE heuristic fired, indicating the document is configured to load content from the external URL https://url.terryspace.io/suBWx7. This is a common technique for delivering malicious payloads, often by exploiting vulnerabilities or tricking the user into executing downloaded content. The presence of a standalone relationship file further supports the possibility of a malicious template injection.

Heuristics (2)

  • Remote template injection (severity: high, OOXML_REMOTE_TEMPLATE)
    Standalone relationship XML references a remote template URL (https://url.terryspace.io/suBWx7). This is the same attachedTemplate/template relationship shape used for remote-template injection in OOXML packages.
    URL: https://url.terryspace.io/suBWx7
  • Standalone OOXML relationship file (severity: medium, OOXML_STANDALONE_RELS)
    File is raw OOXML relationship XML rather than a valid OOXML ZIP package. This malformed Office-extension payload still declares an external relationship and should be reviewed as relationship-based Office content.
    URL: https://url.terryspace.io/suBWx7
    Namespaces referenced:
    • http://schemas.openxmlformats.org/package/2006/relationships
    • http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate