Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 8a4b224df9dcb71e…

MALICIOUS

Office (OOXML)

Size: 17.1 KB
Created: 2017-05-25 10:48:00 UTC
Authoring application: Microsoft Office Word 14.0000
First seen: 2017-05-29
MD5: 400839805c3934643ed7954a0d4d6b85
SHA-1: 7c86e21c9a4ef8499feb9aaaefd1ee9da0bb92b8
SHA-256: 8a4b224df9dcb71ef6a26eaa7313ebae9faa6b9e3047303fcffe9ac6ef633291
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV due to the detection of Xml.Exploit.DDE_Abuse. This indicates the document likely leverages Dynamic Data Exchange (DDE) to execute arbitrary commands, a common technique for initial execution of malicious payloads. No specific family could be identified from the available evidence.

Heuristics 1

  • ClamAV: Win.Downloader.MSWord-6331390-3 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Downloader.MSWord-6331390-3