Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 f169ef117151ee59…

MALICIOUS

Office (OOXML) / .XLSX

Size: 230.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2022-12-06
MD5: 59b1672afa03733417b4757ef866256a
SHA-1: d0bf30a9b69724391965203fa94af5f6917052df
SHA-256: f169ef117151ee5902fb3c92bd7cef742cab359216420dd6bf7d3804af03e869
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1559.001 Component Object Model Hijacking

The critical ClamAV heuristic indicates this XLSX file is detected as a downloader. The presence of an embedded OLE object further supports the likelihood of it being used to deliver a secondary malicious payload. Without further analysis of the embedded object, the specific family and IOCs remain unknown.

Heuristics (2)

  • ClamAV: Xls.Downloader.94c25b356b5a6cac-9978798-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.94c25b356b5a6cac-9978798-0
  • Embedded OLE object medium OOXML_OLE_OBJECT
    Document contains an embedded OLE object

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • ooxml_oleobject_00.bin
    SHA-256: b84b88bd720a977c0ca6bc0f4370613477163537e2cde8c6b663e35def093106
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: xl/embeddings/Microsoft_Office_Excel_Worksheet1.xlsx
    Size: 7880 bytes
  • emf_00.emf
    SHA-256: 1ab8f5abd845ffd0c61a61bb09bfcf20569b80b4496bccb58c623753cf40485c
    Kind: ooxml-emf
    Source: OOXML EMF part: xl/media/image5.emf
    Size: 4056 bytes
  • emf_01.emf
    SHA-256: 17918de803c9609ab1d8bf011fc75835e43ff490299d7d67eab7f550e1fc0968
    Kind: ooxml-emf
    Source: OOXML EMF part: xl/media/image6.emf
    Size: 321644 bytes