Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 8e38557dc7f56276…

MALICIOUS

Office (OOXML)

62.5 KB
Created: 2015-07-09 23:11:38 UTC
Authoring application: Microsoft Office PowerPoint 15.0000
First seen: 2015-09-20
MD5: 31c5780c36901ea9228d0452162a0f60
SHA-1: 0e0572b08f2b7a48912b1b680541fb8019a9df4b
SHA-256: 8e38557dc7f562768aa954516414f6acfec0674430095628694800f5f7f0b97c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV due to the detection of Xml.Exploit.DDE_Abuse. This indicates the document likely leverages Dynamic Data Exchange (DDE) to execute arbitrary commands, a common technique for initial execution of malicious payloads. No specific family could be identified from the available evidence.

Heuristics (1)

  • ClamAV: Doc.Dropper.Agent-5748755-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-5748755-0