Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 247ce4217b1b3329…

MALICIOUS

Office (OOXML) / .XLSX

Size: 878.7 KB
Created: 2024-06-26 17:54:33 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2024-06-26
MD5: 9f726cc272a3e6b686a8c987105e11ea
SHA-1: 5b52c81d398f9b0ec5ec57f3e9481f18518ce4d1
SHA-256: 247ce4217b1b3329764c7a49cf052af2ee74b8b6bfc2a8a35efdeca214f5ff89
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1204 Malicious File Execution
  • T1204.002 Malicious File Execution: Malicious File

The critical ClamAV heuristic that fired, 'Xml.Exploit.DDE_Abuse-9987933-1', strongly indicates that this Office file is designed to abuse Dynamic Data Exchange (DDE) to execute arbitrary commands. DDE abuse is a common initial-access technique, often used to download and run further malicious payloads.

Heuristics 1

  • ClamAV: Xml.Exploit.DDE_Abuse-9987933-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xml.Exploit.DDE_Abuse-9987933-1