Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 14c58e3894258c54…

MALICIOUS

Office (OOXML)

Size: 123.3 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
First seen: 2018-11-05
MD5: 5f97c5ea28c0401abc093069a50aa1f8
SHA-1: 15053a986dc12c9f353f4940d7d918871d337aed
SHA-256: 14c58e3894258c54e12d52d0fba0aafa258222ce9223a1fdc8a946fd169d8a12
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Swf.Trojan.Rokrat-6443186-0. The document body contains a list of product names and prices, suggesting a lure to disguise malicious intent. No scripts were extracted, and the primary indicator is the ClamAV detection.

Heuristics (1)

  • ClamAV: Swf.Trojan.Rokrat-6443186-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Swf.Trojan.Rokrat-6443186-0

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename    Kind       Source                               Size
emf_00.emf  ooxml-emf  OOXML EMF part: xl/media/image1.emf  940 bytes
SHA-256 of emf_00.emf: fd7bbc4846622c73726859c1690532062089f281dc861d9e26f1ad32ea0df6a7