Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 7b55233959064518…

MALICIOUS

Office (OOXML) / .XLSX

Size: 73.8 KB
Created: 2021-03-26 11:20:12 UTC
Authoring application: Microsoft Excel 16.0300
MD5: 7b3143110f469779135246b0142e53b3
SHA-1: dba41003d56f47b57b6788a8a3b3fb14c82d7dfc
SHA-256: 7b552339590645187d01a69a7c3f6d7dcc40d59cf0d7c59bb220a6e8bb7f1e0f
Risk Score: 70

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The OOXML file contains a clickable image designed as a phishing lure, directing users to an external form. This technique, combined with the presence of external hyperlinks, strongly suggests an attempt to collect user credentials or other sensitive information. No VBA macros were extracted, but the structure indicates a phishing attempt via a malicious attachment.

Heuristics (3)

  • OOXML clickable image phishing/form lure [critical] (OOXML_CLICKABLE_IMAGE_FORM_LURE)
    Workbook uses a large embedded image as the visible document body and attaches a click-through external hyperlink to that image. The target is a form/collection service or the drawing contains download/view lure text, which is a common credential or document-phishing pattern rather than benign workbook data.
  • External hyperlinks (1) [low] (OOXML_EXTERNAL_HYPERLINKS)
    Document contains 1 external hyperlink; clickable URLs are stored as external relationships. First target: https://elcxehvf65f.typeform.com/to/IRztKoFx
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://elcxehvf65f.typeform.com/to/IRztKoFx