Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 8f618e0e7e31af2f…

MALICIOUS

Office (OOXML)

9.6 KB
Created: 2019-09-04 08:30:52 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2020-12-01
MD5: bee9ce351791ecc85e3fead5e8fb134d
SHA-1: f6aecaf989cd21a00105e75492d1e7fdb63fe073
SHA-256: 8f618e0e7e31af2f6195702bfeb676012561c747617dcb17fc8de24ab3d2def8
Risk Score: 60

Heuristics (1)

  • Spreadsheet DDE link launches a dangerous command (critical, OOXML_SPREADSHEET_DDE_MALICIOUS)
    Excel workbook contains an externalLinks/ddeLink entry whose ddeService/ddeTopic launches a dangerous executable. This is SpreadsheetML DDE command execution, distinct from WordprocessingML DDE field instructions.