Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 f83562853dc530a6…

MALICIOUS

Office (OOXML)

Size: 709.8 KB
Created: 2017-10-23 00:57:05 UTC
Authoring application: Microsoft Office PowerPoint 14.0000
First seen: 2020-05-25
MD5: 2171f4552858d6648c5b466a7b36dced
SHA-1: 3570a059d5c4f1b8b406048b01bf5378f7ead5d9
SHA-256: f83562853dc530a609ed866b375ac725599d7a927281e9d6f2e46f481e3eb292
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The critical ClamAV heuristic indicates the file is a downloader, and the medium-severity external relationship heuristic points to a suspicious URL referenced from a slide relationship file. The document body, while appearing to be a corporate policy, is likely a lure to encourage interaction with that URL. No scripts were extracted from this sample, but the external relationship heuristic suggests the document is designed to fetch a payload from the identified URL.

Heuristics (2)

  • ClamAV: Doc.Downloader.PPTRemoteScript-6838713-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Downloader.PPTRemoteScript-6838713-0
  • External relationship (medium, OOXML_EXTERNAL_REL)
    External target in ppt/slides/_rels/slide1.xml.rels: script:http:\\mutecider.com:1527\qqqzqa