Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 9db22b42c71b6532…

MALICIOUS

Office (OOXML)

Size: 76.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
First seen: 2020-05-25
MD5: 4b3858c8b35e964a5eb0e291ff69ced6
SHA-1: 3719a35e605f7a1846fa743910480281df390233
SHA-256: 9db22b42c71b6532134060a7a175b4eae2c745fa956411389bd7d8c9805ec269
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

ClamAV identifies the file as malicious with a specific exploit signature, suggesting it contains malicious code. The document body, presented as a contact list, is likely a social engineering lure that disguises the malicious intent. The embedded EMF artifact further supports the likelihood of malicious content, since embedded EMF images are often used to deliver exploits or malicious scripts.

Heuristics 1

  • ClamAV: Xls.Exploit.Agent-4323916-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Exploit.Agent-4323916-1

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: emf_00.emf
Kind: ooxml-emf
Source: OOXML EMF part: xl/media/image1.emf
Size: 608 bytes
SHA-256: 36541889c0ae205b23f2c4cbeaae048bb0bdc1231b1584524f075a46b83ea255