Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 1362036617b0b970…

MALICIOUS

Office (OOXML) / .XLSX

2.20 MB Created: 2026-02-24 00:07:14 UTC Authoring application: Microsoft Excel 12.0000 First seen: 2026-02-26
MD5: 73c79adbc70438c28f1f3307b6d76897 SHA-1: 00d305a2689d17ab93c344d39d282f5f341fc932 SHA-256: 1362036617b0b970ae48bacbc67328994cd448ee3666dd2c43a802859188419e
60 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is an Office document containing an embedded OLE object, specifically identified as an Equation Editor object. This strongly suggests exploitation of a known vulnerability within the Equation Editor component to achieve arbitrary code execution. The document body content is heavily obfuscated and does not provide further clues, but the presence of the Equation Editor OLE object is a high-confidence indicator of exploitation.

Heuristics 2

  • Equation Editor OLE object high CVE related OLE_EQUATION_EDITOR
    Embedded OLE object xl/embeddings/XBe.4AEQPdc contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object medium OOXML_OLE_OBJECT
    Document contains an embedded OLE object

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
ooxml_oleobject_00.bin
12784beaf829b6106a3eb4cb1034151a825ec580eabef78d6567a858b12fbf43		 ooxml-ole-object OOXML embedded OLE part: xl/embeddings/XBe.4AEQPdc 2866176 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.