Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 a8f9ec32fd58ad56…

MALICIOUS

Office (OOXML) / .XLSX

Size: 12.8 KB
Created: 1996-10-14 23:33:28 UTC
Authoring application: Microsoft Excel 15.0300
MD5: 5a0ad0d02b24a8d79434975db9064713
SHA-1: 94e592b6ddcf1367fd1ab590279bace5a7b75419
SHA-256: a8f9ec32fd58ad56999becefc183f0824532d7ce69b0f790607b2e1ee221a586
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1204 Malicious Link
T1566.002 Spearphishing Attachment

The sample is an OOXML document that contains a lure to enable editing and macros, a common technique for malware droppers. The document body presents a fake supplier appraisal form in multiple languages, suggesting an attempt to trick a wide range of users. No specific malware family could be identified, and no executable content or network indicators were extracted.

Heuristics (2)

  • OOXML autoload OLE object target is missing (severity: high, rule: OOXML_MISSING_AUTOLOAD_OLEOBJECT)
    Spreadsheet declares an OLE object relationship and an oleObject element, but the target embedded OLE package part is absent from the ZIP. With autoLoad and VML shape context this is a payload-stripped or malformed OLE activation carrier, not an ordinary external hyperlink.
  • Macro/content-enable lure (severity: medium, rule: SE_ENABLE_LURE)
    Document instructs the user to enable macros or editing, a common technique used by malware droppers to bypass Office macro security settings.