Office (OOXML) / .XLSX malware analysis — malicious · a8a09cc0080edb1d

MALICIOUS

Office (OOXML) / .XLSX

67.0 KB Created: 2023-06-09 09:43:45 UTC Authoring application: Microsoft Excel 16.0300 First seen: 2023-08-30

MD5: eeef52a74c147c9da372dd7ca2ad7dee SHA-1: 17a109268c5b40dde47fa4580324fb36f07ba239 SHA-256: a8a09cc0080edb1d74123de10f9758553c065db12b2aded54adac99755231d71

70 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The sample is an Office Open XML spreadsheet file detected by ClamAV as Win.Malware.Agent-10007535-0. It contains an external hyperlink to simplebooklet.com, which could be used as a lure. No VBA macros or executable content were extracted, limiting further analysis of the payload.

Heuristics 3

ClamAV: Win.Malware.Agent-10007535-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Malware.Agent-10007535-0
External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKS

Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: https://simplebooklet.com/snpgroup
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://simplebooklet.com/snpgroup

Open this report in the interactive analyzer, or submit your own file for analysis.