Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 05e9bbdef1e953a8…

MALICIOUS

Office (OOXML) / .XLSX

Size: 2.17 MB
Created: 2025-06-05 00:10:50 UTC
Authoring application: Microsoft Excel 12.0000
MD5: 05ce9b97d9f668b8b629f987c01564e0
SHA-1: 177d88eb93b796a164d64922a108fededd90b178
SHA-256: 05e9bbdef1e953a83ca0c99794fcefd1f13bf7991fcb296c3cd912c455339855
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The file is an Office Open XML spreadsheet containing an embedded OLE object, specifically identified as an Equation Editor object. This type of object is frequently exploited to deliver malicious payloads. The document body contains what appears to be tabular data, but the primary indicator of compromise is the embedded OLE object, which is a known vector for exploitation.

Heuristics (2)

  • Equation Editor OLE object [high] [CVE related] [OLE_EQUATION_EDITOR]
    Embedded OLE object xl/embeddings/BnYk.uKHE contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object [medium] [OOXML_OLE_OBJECT]
    Document contains an embedded OLE object.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: ooxml_oleobject_00.bin
          7ebf6292d0b1716f0080b26663d078375dfeaa231170be63774625460151ffc9
Kind: ooxml-ole-object
Source: OOXML embedded OLE part: xl/embeddings/BnYk.uKHE
Size: 3104768 bytes