Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 8bb391cb05dd954e…

MALICIOUS

Office (OOXML) / .XLSX

Size: 173.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2023-08-20
MD5: 95a1fe4c6813a6be779c767189808dff
SHA-1: 6193b6ba8bcda365758a781184390d87ce7cbc7d
SHA-256: 8bb391cb05dd954e051503a8f297d25d36991a09e817e1b0f589541c4f4564cf
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1559 Component Object Model and Distributed Component Object Model

The sample is an Office (OOXML) XLSX file identified by ClamAV as Xls.Downloader.94c25b356b5a6cac-9978798-0. It contains an embedded OLE object, a common method for embedding and executing malicious code. The specific nature of the payload within the OLE object could not be determined from the provided static analysis.

Heuristics (2)

  • ClamAV: Xls.Downloader.94c25b356b5a6cac-9978798-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Downloader.94c25b356b5a6cac-9978798-0
  • Embedded OLE object (severity: medium, rule: OOXML_OLE_OBJECT)
    Document contains an embedded OLE object

Extracted artifacts (3)

Files carved from inside the sample during analysis (filename, SHA-256, kind, source part, size).

  • ooxml_oleobject_00.bin (7880 bytes)
    SHA-256: b84b88bd720a977c0ca6bc0f4370613477163537e2cde8c6b663e35def093106
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: xl/embeddings/Microsoft_Office_Excel_Worksheet1.xlsx
  • emf_00.emf (321644 bytes)
    SHA-256: 17918de803c9609ab1d8bf011fc75835e43ff490299d7d67eab7f550e1fc0968
    Kind: ooxml-emf
    Source: OOXML EMF part: xl/media/image4.emf
  • emf_01.emf (4056 bytes)
    SHA-256: 1ab8f5abd845ffd0c61a61bb09bfcf20569b80b4496bccb58c623753cf40485c
    Kind: ooxml-emf
    Source: OOXML EMF part: xl/media/image3.emf