Office (OOXML) malware analysis — malicious · 4d1244dcf889a880

MALICIOUS

Office (OOXML)

74.4 KB Created: 2021-01-13 13:30:39 UTC Authoring application: Microsoft Excel 16.0300 First seen: 2021-01-23

MD5: 13243ed8b01158eaff060ee1cd2b77aa SHA-1: 60b3aa147932497bf86a6a8fbce909d6171f6bbe SHA-256: 4d1244dcf889a8806552b75ffa0583d6e43dbb470f5a0872b1976fb4b166142c

70 Risk Score

Heuristics 3

OOXML clickable image phishing/form lure critical OOXML_CLICKABLE_IMAGE_FORM_LURE

Workbook uses a large embedded image as the visible document body and attaches a click-through external hyperlink to that image. The target is a form/collection service or the drawing contains download/view lure text, which is a common credential or document-phishing pattern rather than benign workbook data.
External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKS

Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: https://dfmzves9lif.typeform.com/to/JQx7gdVt
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://dfmzves9lif.typeform.com/to/JQx7gdVt Document hyperlink

Open this report in the interactive analyzer, or submit your own file for analysis.