Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 9d5c7542ac226f76…

MALICIOUS

Office (OOXML)

Size: 55.3 KB
Created: 2021-08-19 08:59:58 UTC
Authoring application: Microsoft Excel 15.0300
MD5: 417fc2a056cacc1b1a0f51f37a5f6aea
SHA-1: 7684e50a96e5acacc7ce1923fa7e3bc9373c7105
SHA-256: 9d5c7542ac226f7684eab94506bee36c1829977a14eb3bd79846036622ee536d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The critical heuristic firing 'Xml.Exploit.DDE_Abuse-9987933-1' strongly indicates the exploitation of a DDE vulnerability within the Office document. This technique is commonly used to bypass security controls and execute arbitrary commands, often to download and run further malicious content. The lack of specific script content or URLs means the exact payload and delivery mechanism cannot be determined, hence the 'unknown family' classification.

Heuristics (1)

  • ClamAV: Xml.Exploit.DDE_Abuse-9987933-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xml.Exploit.DDE_Abuse-9987933-1