Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 2e46d4d0ad66f53b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 618.4 KB
Created: 2022-08-10 18:51:50 UTC
Authoring application: Microsoft Excel 16.0300
MD5: 27e8fcb5beaf6f451df211287ad79c4a
SHA-1: 8b317beeb1f3738c4a7b45c4db75a8ca90515ca8
SHA-256: 2e46d4d0ad66f53bf7c627f3a1b0f170498125126edc0b1a0314c9d26165d2bc
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is an Excel spreadsheet containing an embedded OLE object, identified as an Equation Editor object. This is a common technique used to deliver malicious content, often exploiting vulnerabilities in the OLE object handler or the application used to render it. The presence of this object strongly suggests an attempt to execute arbitrary code or download a secondary payload.

Heuristics (2)

  • Equation Editor OLE object (severity: high; tag: CVE related; rule: OLE_EQUATION_EDITOR)
    Embedded OLE object xl/embeddings/NwmZO.532n7 contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object (severity: medium; rule: OOXML_OLE_OBJECT)
    Document contains an embedded OLE object.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: ooxml_oleobject_00.bin
    SHA-256: 2b1890bcc0cde849f572122847e8959f6dbc70fd4f75e5ce0c28578c001fdbd8
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: xl/embeddings/NwmZO.532n7
    Size: 907264 bytes
  • Filename: ooxml_oleobject_00_ole10native_00.bin
    SHA-256: 18ef3f465cdd09ff25c6d7f9263244e4943305b724fc3936bfa14762439a9899
    Kind: ole-package
    Source: OOXML xl/embeddings/NwmZO.532n7 Ole10Native stream: OLE10natiVe
    Size: 897903 bytes