Malicious Office (OOXML) / .DOC — malware analysis report

Static analysis result for SHA-256 4657d1a64f164ec7…

MALICIOUS

Office (OOXML) / .DOC

Size: 8.98 MB
Created: 2024-07-28 12:12:00 UTC
Authoring application: Microsoft Office Word 16.0000
MD5: 3c537b16d1aa2c0269db24b17468be51
SHA-1: 50153ddeadff542f6864eeaab92f8ed6d3def4c0
SHA-256: 4657d1a64f164ec7d64977d815a1662034c06abc9f8fef02efdc9760be47f138
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1204 Malicious Link
  • T1559 Component Object Model Hijacking

The sample is a Microsoft Office document containing embedded OLE objects. One of these objects, identified as Ole10Native, indicates the presence of a payload or link, strongly suggesting exploitation of CVE-2026-21514. This technique aims to trick the user into opening the document, which then triggers the execution of the embedded malicious content.

Heuristics (2)

  • OOXML Ole10Native with payload/link indicators — possible CVE-2026-21514 [high] [CVE] [likely] [CVE_2026_21514]
    Office document contains embedded OLE (word/embeddings/oleObject1.bin) with Ole10Native plus executable, PE, or risky remote-link indicators. This is a likely CVE-2026-21514 exploitation shape.
  • Embedded OLE object [medium] [OOXML_OLE_OBJECT]
    Document contains an embedded OLE object

Extracted artifacts (6)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
ooxml_oleobject_00.bin
eed439b0e7d2fa0515015f2681afe6c4c7a92272462e6f4c7c31daac6cdfd879
ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject1.bin | 8388608 bytes
ooxml_oleobject_00_ole10native_00.bin
a1d7ad718ac2f6de23a5c548796f75d7c567241fcb31c7939a19678d7bb887f1
ole-package | OOXML word/embeddings/oleObject1.bin Ole10Native stream: Ole10Native | 8388608 bytes
ooxml_oleobject_01.bin
9295d77f40ee481ab9f3aca42bc50a5d1e41514a6cbf265c631930d94b366216
ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject2.bin | 2560 bytes
ooxml_oleobject_01_ole10native_00.bin
a4488c1429c02b1933ac0678ee8af31db519f3bb258ecf18b2f3479fe65eada2
ole-package | OOXML word/embeddings/oleObject2.bin Ole10Native stream: Ole10Native | 282 bytes
emf_00.emf
49dd7864d887ec0a9ae8ba201e44764a5cdab8c102b831e18e06d7b112269940
ooxml-emf | OOXML EMF part: word/media/image1.emf | 4964 bytes
emf_01.emf
2f4658244d9b276c74667414e0af385340de7174b9bb118fbd41324a53130466
ooxml-emf | OOXML EMF part: word/media/image2.emf | 5432 bytes