Office (OOXML) malware analysis — malicious · 08a5abd122f47141

MALICIOUS

Office (OOXML)

9.9 KB Authoring application: 14.0300 First seen: 2021-05-26

MD5: e302f13f0e67c1e62d1adfe658f6daf8 SHA-1: 78508d73b3bfe4e197dfa52584c2167fdd0d0697 SHA-256: 08a5abd122f47141a8e8b2f926e9922f707264fd3a4939abb91c8afeedac6f38

60 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution

The sample is a malicious OOXML spreadsheet that leverages a DDE link to execute the command 'cmd /C calc'. This indicates an attempt to run arbitrary code on the victim's machine, likely as a precursor to a more significant payload delivery.

Heuristics 1

Spreadsheet DDE link launches a dangerous command critical OOXML_SPREADSHEET_DDE_MALICIOUS

Excel workbook contains an externalLinks/ddeLink entry whose ddeService/ddeTopic launches a dangerous executable. This is SpreadsheetML DDE command execution, distinct from WordprocessingML DDE field instructions.

Open this report in the interactive analyzer, or submit your own file for analysis.