Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 4780fdf0e09e89ac…

MALICIOUS

Office (OOXML) / .XLSX

Size: 2.45 MB
Created: 2026-02-24 00:07:14 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2026-02-26
MD5: 6cd6026b65d10a25e335ce45f0bcd2ed
SHA-1: 8cd22dd1e50766b3b996a396934eff4f215b1586
SHA-256: 4780fdf0e09e89aca846c479684379d10fe5225b8ce265ec4b66edb52feb1ca8
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1559.001 Component Object Model Hijacking

The sample is an Office document containing an embedded OLE object, specifically identified as an Equation Editor object. This type of object is known to be vulnerable to exploitation. The high-severity heuristic firing for 'OLE_EQUATION_EDITOR' strongly suggests that this object is being used to exploit a vulnerability, likely for the purpose of executing arbitrary code or downloading a secondary payload. No document body text or scripts were extracted, limiting further analysis of the specific lure or payload delivery mechanism.

Heuristics 2

  • Equation Editor OLE object (severity: high; CVE related; rule: OLE_EQUATION_EDITOR)
    Embedded OLE object xl/embeddings/M7.EPFN3x contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object (severity: medium; rule: OOXML_OLE_OBJECT)
    Document contains an embedded OLE object.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: ooxml_oleobject_00.bin
          cb26e17e26d4b9d120af3dd981f20abd8bab91aedbaac219bbf84ccc731f1a5b
Kind: ooxml-ole-object
Source: OOXML embedded OLE part: xl/embeddings/M7.EPFN3x
Size: 2995712 bytes