Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 55fee116c6f4b42f…

MALICIOUS

Office (OOXML) / .XLSX

604.3 KB Created: 2023-08-03 11:34:29 UTC Authoring application: Microsoft Excel 16.0300
MD5: b882aa904b4678fb91896b2701290cdf SHA-1: ba4126d0fa2dcc64578988a7e0155f95dd6d1f2c SHA-256: 55fee116c6f4b42f0df40a8ba9e688477f62a01419db3624fcf5e8f1eff01adb
60 Risk Score

Malware Insights

MITRE ATT&CK
T1559.001 Component Object Model Hijacking

The high-severity heuristic 'OLE_EQUATION_EDITOR' indicates the presence of a vulnerable Equation Editor OLE object within the XLSX file. This is a common technique used to exploit CVE-2017-11882, leading to the execution of arbitrary code. The embedded OLE object is the primary indicator of malicious intent.

Heuristics 2

  • Equation Editor OLE object high CVE related OLE_EQUATION_EDITOR
    Embedded OLE object xl/embeddings/S4J1XI.jLM8y contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object medium OOXML_OLE_OBJECT
    Document contains an embedded OLE object

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
ooxml_oleobject_00.bin
987aedb6f53716bf5125ee77f081d09fe19fb0a0081cb1955e9021eac077dd50		 ooxml-ole-object OOXML embedded OLE part: xl/embeddings/S4J1XI.jLM8y 880128 bytes
ooxml_oleobject_00_ole10native_00.bin
af05b413ebc0684f6a7dc2e8ca1d95528d3bde2d8ef538b59e59d56a8867a7c6		 ole-package OOXML xl/embeddings/S4J1XI.jLM8y Ole10Native stream: olE10NatIVE 870511 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.