Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 2b28b5d778a03170…

MALICIOUS

Office (OOXML)

Size: 323.7 KB
Created: 2015-06-05 18:17:20 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2021-09-13
MD5: 30e772b9b22ff062a169d248271e7fb5
SHA-1: 47530e23f667605dd70e1f58f189a3ba27941c17
SHA-256: 2b28b5d778a031705dd2189fef91298a6e8d35b8e8150a80fc9bf434f7e9e407
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV due to the detection of Xml.Exploit.DDE_Abuse. This indicates the document likely leverages Dynamic Data Exchange (DDE) to execute arbitrary commands, a common technique for initial execution of malicious payloads. No specific family could be identified from the available evidence.

Heuristics (1)

  • ClamAV: Xls.Downloader.Hancitor03222-9941794-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Downloader.Hancitor03222-9941794-0