Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 0b4f0d8d57fd1cb9…

MALICIOUS

Office (OOXML)

Size: 85.2 KB
Created: 2018-05-03 11:25:19 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2018-06-21
MD5: c8aaaa517277fb0dbb4bbf724245e663
SHA-1: a9b0d9aa2e28f2c14fd1a0116c204430ee3d357f
SHA-256: 0b4f0d8d57fd1cb9b4408013aa7fe5986339ce66ad09c941e76626b5d872e0b5
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Doc.Dropper.Agent-6579168-0, indicating it is a known dropper. The document body, while appearing to be salary and diplomatic position data, is likely a lure to encourage user interaction. No scripts were extracted from this sample.

Heuristics 1

  • ClamAV: Doc.Dropper.Agent-6579168-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-6579168-0