Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 feb048ecea7162dc…

MALICIOUS

Office (OOXML) / .XLSX

Size: 9.5 KB
Created: 2017-07-10 08:14:50 UTC
Authoring application: Microsoft Excel 16.0300
MD5: 26e7dcd9c2ef1e908109da68d5acc9dc
SHA-1: 30da90a67b1cff794480e6e084f8883be6f3949d
SHA-256: feb048ecea7162dc0edec87d87d732221fac8ef0ad24f6c0ed3f81e31dcde849
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1204 Malicious File Execution
  • T1204.002 Malicious File Execution: User Execution of Malicious File

The critical ClamAV detection 'Xml.Exploit.DDE_Abuse-9987933-1' strongly indicates Dynamic Data Exchange (DDE) abuse. This technique is commonly used to trick users into enabling content that then executes arbitrary commands, often to download and run further malicious payloads. The document body contains only placeholder references and gives no further context on the lure.

Heuristics 1

  • ClamAV: Xml.Exploit.DDE_Abuse-9987933-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xml.Exploit.DDE_Abuse-9987933-1