As with other phishing documents, we can unzip the .docx and do a simple hexdump/strings on the oleObject1.bin to look for any suspicious strings referring to some sort of file/code execution:
The CLSID object that makes this technique work is a Shell.Explorer.1 object, as seen here:
As an analyst, one should inspect the .bin file and look for the {EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B} bytes inside, signifying the Shell.Explorer.1 object being embedded in the .bin file:
References
Click me if you can, Office social engineering with embedded objects