Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 c1b1e6877c929cf1…

MALICIOUS

Office (OOXML) / .XLSX

83.0 KB Created: 2025-06-24 02:13:46 UTC Authoring application: Microsoft Excel 16.0300 First seen: 2026-06-21
MD5: 7171c028c614f696bfa9ce383a39c38d SHA-1: cac8aacab27ef7d79050e751a1b53ca32bf6bde1 SHA-256: c1b1e6877c929cf18b8d734c63d60b9d7102cda53f75a031b6b51a9be09e02ae
62 Risk Score

Heuristics 2

  • Spreadsheet DDE link launches a dangerous command critical OOXML_SPREADSHEET_DDE_MALICIOUS
    Excel workbook contains an externalLinks/ddeLink entry whose ddeService/ddeTopic launches a dangerous executable. This is SpreadsheetML DDE command execution, distinct from WordprocessingML DDE field instructions.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://192.168.1.189:1704/report.txt In document text (OOXML body / shared strings)

Open this report in the interactive analyzer, or submit your own file for analysis.