Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 769e8573287dd44d…

MALICIOUS

Office (OOXML)

9.2 KB
Created: 2015-06-05 18:17:20 UTC
Authoring application: Microsoft Excel 16.0300
MD5: f5298c000cefde07f3477eaf33b1253f
SHA-1: 2da4310cd5d74c53bc93c43f9b3cd474110bd1ba
SHA-256: 769e8573287dd44d085853a2e46768c45bfc61b8256100838eb6a2b29ffad91c
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1218.005 Client Execution: Signed Binary Proxy Execution
  • T1566.001 Spearphishing Attachment

The file is an Office document that triggered a critical ClamAV heuristic for Xml.Exploit.DDE_Abuse. This indicates the document is likely attempting to exploit Dynamic Data Exchange (DDE) to execute commands, a common technique for initial execution of malicious payloads. No specific family could be identified from the available evidence.

Heuristics 1

  • ClamAV: Xml.Exploit.DDE_Abuse-9987933-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xml.Exploit.DDE_Abuse-9987933-1