Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 ec7c1e2429a62bd5…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: efa35823cadb8ed1b34ab1ba0863e1ab
SHA-1: bab2b8eea48487a784b97fbe998e88bb6dd75166
SHA-256: ec7c1e2429a62bd533501e4e6e3c86e78b2e55e66f6ebd4cd4a00b93e4e7536c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for a secondary payload. While no specific document body or scripts were extracted, the heuristic firing strongly suggests the Excel file's primary purpose is to facilitate the execution of other malicious content.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0