Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 ef58683913cf558d…

MALICIOUS

Office (OOXML)

Size: 17.0 KB
Created: 2017-05-18 08:11:00 UTC
Authoring application: Microsoft Office Word 14.0000
First seen: 2017-05-29
MD5: 1c08183befe46c12dc1f95b35e5f17e9
SHA-1: b55da56cba8b26d8fbfbcc2e7f02d67feaef0851
SHA-256: ef58683913cf558dc3915d0d565769bc1d6ad11f99ed37e46f4e0e1f491c553f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The file is identified as malicious by ClamAV due to the detection of Xml.Exploit.DDE_Abuse. This indicates the document likely leverages Dynamic Data Exchange (DDE) to execute arbitrary commands, a common technique for initial execution of malicious payloads. No specific family could be identified from the available evidence.

Heuristics 1

  • ClamAV: Win.Downloader.MSWord-6331390-3 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Downloader.MSWord-6331390-3