Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 28c6a21157e0d284…

MALICIOUS

Office (OOXML)

File size: 318.1 KB
Created: 2021-03-21 10:04:03 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2021-11-20
MD5: 415f47ad6adeb21d0467ddba71c90e0f
SHA-1: fafe5daca3ac73336d127a38d0b5af8273e145ff
SHA-256: 28c6a21157e0d284fb661107e047cef4b37619779c229030c6820ac7a5032bd9
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is an Office document with a ClamAV detection indicating it is malicious. The document body presents a quotation for marine supplies, a common lure for phishing attacks. Although no specific script was extracted, the presence of macro-related heuristics suggests that enabling macros would likely lead to the execution of a malicious payload, such as a downloader.

Heuristics 1

  • ClamAV: Win.Malware.Agent-9906237-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Malware.Agent-9906237-0