Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 6d4e5e60b4f6cbc8…

MALICIOUS

Office (OOXML) / .XLSX

Size: 13.6 KB
Created: 2022-07-06 04:17:21 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2022-07-08
MD5: b8a6fb2af1f22213fc469b3fc7d65382
SHA-1: bc2d6b81ef00a56dc2fd13fc9a4c90a08d1a5068
SHA-256: 6d4e5e60b4f6cbc8a6e14343b59c406fe5c7f948aded16d23a0f6ed6984907c2
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The critical heuristic that fired indicates the sample leverages the Follina vulnerability (CVE-2022-30190) by embedding an ms-msdt URI. Such a URI is designed to trigger the Microsoft Support Diagnostic Tool (MSDT) to execute arbitrary commands, likely leading to the download and execution of a secondary payload. The document body content appears to be unrelated educational material, suggesting it serves only as a lure.

Heuristics (1)

  • CVE-2022-30190: Follina/MSDT URI in OOXML relationship
    Severity: critical
    Tags: CVE likely, CVE_2022_30190
    External relationship targets an ms-msdt: URI, consistent with CVE-2022-30190 (Follina) MSDT payload delivery.