Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 a0b13db34b1b5546…

MALICIOUS

Office (OOXML)

Size: 1.59 MB
First seen: 2020-09-15
MD5: 3011e9dcc97cf2313c96287a3ca08b39
SHA-1: dde4b3072869230d757d029323c3797bb9c5f09c
SHA-256: a0b13db34b1b5546d485eaa4f7392455e3b99a5142b0998bd5c8fd0c031e6d00
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Html.Spyware.IMG-7. The document body content is generic and does not provide specific lures, but the detection suggests the file is disguised HTML-based spyware. The primary IOC is the ClamAV detection name.

Heuristics (1)

  • ClamAV: Html.Spyware.IMG-7 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Html.Spyware.IMG-7