Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 4f897a55374f4fe7…

MALICIOUS

Office (OOXML)

Size: 72.2 KB
Created: 2021-08-17 09:38:47 UTC
Authoring application: Microsoft Excel 15.0300
First seen: 2021-08-25
MD5: f1ab88d1dac2de86b5211515ac6d16f7
SHA-1: 393aa62bf5e318e095a069f82c7e15118a111eeb
SHA-256: 4f897a55374f4fe7693f5aa5b7b57d306fd39225e279556f9a785db7523efb90
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

ClamAV identifies the file as malicious based on the Xml.Exploit.DDE_Abuse detection. This indicates the document likely uses Dynamic Data Exchange (DDE) to execute an arbitrary command, a common technique for the initial execution of a malicious payload. No specific malware family could be identified from the available evidence.

Heuristics (1)

  • ClamAV: Xml.Exploit.DDE_Abuse-9987933-1 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xml.Exploit.DDE_Abuse-9987933-1