Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 2613c1bc55024150…

MALICIOUS

Office (OOXML) / .XLSX

Size: 35.4 KB
Created: 2022-11-02 08:44:47 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2022-11-03
MD5: 018091f2706a9d3ba25541d810dac1d0
SHA-1: aa983b367b683bded69916f9d1868d6a0efd03f8
SHA-256: 2613c1bc550241501fcac23737817f6921d7f249647e829b34a9ce7b71b2107e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The document contains a list of electronic goods presented in a tabular format, resembling an invoice or order confirmation. The 'SE_CALLBACK_LURE' heuristic indicates that the document prompts the user to call a phone number, consistent with callback phishing or tech-support scam tactics. The external relationship to a local file path suggests a potential attempt to load or reference external resources, possibly for obfuscation or to trigger further malicious actions.

Heuristics 2

  • External relationship high OOXML_EXTERNAL_REL
    External target in xl/drawings/_rels/drawing1.xml.rels: file:///C:\temp\selte-wide3.png
  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns