Office (OOXML) / .XLSX malware analysis — malicious · 14aef6acd0281d7a

MALICIOUS

Office (OOXML) / .XLSX

73.8 KB Created: 2020-11-30 14:18:37 UTC Authoring application: Microsoft Excel 16.0300

MD5: 406cf3948846b60e2213240eae79ef9c SHA-1: 78aef2ee16dd55b65611d3fa3fa380c00090bb4b SHA-256: 14aef6acd0281d7a7e5af63d3d5a53a5a30dd2614b70b34b8fedb71b53a67970

70 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The OOXML file contains a clickable image designed as a phishing lure, directing users to a form hosted on typeform.com. This suggests an attempt to collect user input under a pretext. While the URL itself is currently flagged as benign, the presence of the lure and external hyperlink indicates a malicious intent to deceive the user.

Heuristics 3

OOXML clickable image phishing/form lure critical OOXML_CLICKABLE_IMAGE_FORM_LURE

Workbook uses a large embedded image as the visible document body and attaches a click-through external hyperlink to that image. The target is a form/collection service or the drawing contains download/view lure text, which is a common credential or document-phishing pattern rather than benign workbook data.
External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKS

Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: https://fxghgg.typeform.com/to/ogs2iMmc
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://fxghgg.typeform.com/to/ogs2iMmc

Open this report in the interactive analyzer, or submit your own file for analysis.