Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 be011dd6d31e1ad5…

MALICIOUS

Office (OOXML)

Size: 92.1 KB
Created: 2021-09-14 08:29:41 UTC
Authoring application: Microsoft Excel 14.0300
First seen: 2021-09-22
MD5: aa7e495c29050cbd51b6439b0327ed08
SHA-1: 51a4339f3cb8b6676d215527c756f6a3196c00ac
SHA-256: be011dd6d31e1ad56f9e755e13c4f1366da7d26d9629f876cdf090909151a898
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV due to the detection of Xml.Exploit.DDE_Abuse. This indicates the document likely leverages Dynamic Data Exchange (DDE) to execute arbitrary commands, a common technique for initial execution of malicious payloads. No specific family could be identified from the available evidence.

Heuristics (1)

  • ClamAV: Xml.Exploit.DDE_Abuse-9987933-1 (severity: critical; type: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xml.Exploit.DDE_Abuse-9987933-1