Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 0d2ee3809eba28eb…

MALICIOUS

Office (OOXML)

Size: 13.4 KB
First seen: 2017-07-23
MD5: bdc65bb1af2ebba5ba2a977bdb660a0b
SHA-1: 988b3a2995b4ee0204932fb3264e4bd50146f753
SHA-256: 0d2ee3809eba28ebbf0a122a94da3107af91c333eafe83e6f211319fb1a8685a
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV due to the detection of Xml.Exploit.DDE_Abuse. This indicates the document likely leverages Dynamic Data Exchange (DDE) to execute arbitrary commands, a common technique for initial execution of malicious payloads. No specific family could be identified from the available evidence.

Heuristics (1)

  • ClamAV: Win.Downloader.MSWord-6331390-3 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Downloader.MSWord-6331390-3