Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 b596b95ec35c50cf…

MALICIOUS

Office (OOXML)

Size: 73.8 KB
Created: 2020-11-17 06:57:52 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2021-05-22
MD5: afee459f8cf0662a93ccd37241ccd620
SHA-1: 15bb959a549bea5037344ffe2c87d9a2c9b2ecd9
SHA-256: b596b95ec35c50cf060a0575fba8354d3e9978501647b45b38f0d923fa513f8a
Risk Score: 70

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The OOXML_CLICKABLE_IMAGE_FORM_LURE heuristic indicates the Excel document contains a phishing lure using a clickable image that directs the user to an external Typeform URL. This suggests an attempt to phish for credentials or other sensitive information. No scripts were extracted from this sample.

Heuristics (3)

  • OOXML clickable image phishing/form lure [critical] (OOXML_CLICKABLE_IMAGE_FORM_LURE)
    Workbook uses a large embedded image as the visible document body and attaches a click-through external hyperlink to that image. The target is a form/collection service or the drawing contains download/view lure text, which is a common credential or document-phishing pattern rather than benign workbook data.
  • External hyperlinks (1) [low] (OOXML_EXTERNAL_HYPERLINKS)
    Document contains 1 external hyperlink; clickable URLs are stored as external relationships. First target: http://llhiskrn670.typeform.com/to/GbVZpNBh
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://llhiskrn670.typeform.com/to/GbVZpNBh (channel: Document hyperlink)