Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 54be816c4ffe69d6…

MALICIOUS

Office (OOXML) / .XLSX

614.4 KB
Created: 2024-03-25 10:30:17 UTC
Authoring application: Microsoft Excel 12.0000
MD5: 91ec9f9258d3e7be89c919e89c2240e9
SHA-1: e08055459fc9b9209b3da8cc2c652ba131502049
SHA-256: 54be816c4ffe69d6d52950f885f20f9566f6b209c479e01569af6ed6d641c91e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1559.001 Component Object Model Hijacking
  • T1204.002 Malicious File

The XLSX file contains an embedded OLE object identified as an Equation Editor object. This is a high-severity finding and a common technique used to exploit vulnerabilities in Microsoft Office applications, often leading to the execution of arbitrary code. No further details on the exploit or payload were available from static analysis.

Heuristics 2

  • Equation Editor OLE object (high, CVE related, OLE_EQUATION_EDITOR)
    Embedded OLE object xl/embeddings/hNtAY.N7gb7HN contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object (medium, OOXML_OLE_OBJECT)
    Document contains an embedded OLE object

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • Filename: ooxml_oleobject_00.bin
    db0b624199ea1d33f17c7989bdd1b19a9dd565a7e10e62df1ee8d3d5892e9440
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: xl/embeddings/hNtAY.N7gb7HN
    Size: 904704 bytes
  • Filename: ooxml_oleobject_00_ole10native_00.bin
    bbb99fb8445850780eb0f0c681a33262bef1912f1b4e03f4db35e15b2346454d
    Kind: ole-package
    Source: OOXML xl/embeddings/hNtAY.N7gb7HN Ole10Native stream: OLE10NaTIve
    Size: 895457 bytes