Malicious Office (OOXML) / .PPTX — malware analysis report

Static analysis result for SHA-256 5b33378e919ab1c6…

MALICIOUS

Office (OOXML) / .PPTX

Size: 12.06 MB
Created: 2024-09-20 02:44:30 UTC
Authoring application: Microsoft Office PowerPoint 16.0000
First seen: 2025-09-08
MD5: 5b1a6185273c6b9625a03ca942ae895b
SHA-1: 6980dfa887c92ad580515ed9795855e4fdacdcc4
SHA-256: 5b33378e919ab1c658a91acf564511ec2b322bfa3297d7f8e0031044f451862e
Risk Score: 70

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The presentation contains an embedded OLE object, which is a common technique for delivering malicious payloads. The external relationship points to an embedded Excel file, suggesting a lure to open a potentially malicious document. The document body itself is a truncated financial presentation, likely intended to mask the malicious intent.

Heuristics 4

  • External relationship | severity: high | rule: OOXML_EXTERNAL_REL
    External target in ppt/charts/_rels/chart2.xml.rels: file:///C:\Users\accutome\Documents\Gabi\Nurexone\ERG\Nurexone_ERG_STR_treshold2.xlsx
  • Embedded OLE object | severity: medium | rule: OOXML_OLE_OBJECT
    Document contains an embedded OLE object
  • External hyperlinks (1) | severity: low | rule: OOXML_EXTERNAL_HYPERLINKS
    Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: about:blank
  • Embedded URL | severity: info | rule: EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: ooxml_oleobject_00.bin
Hash: c45387ab53a7a01bf367e31ef3b7426c06eee111ab6f7c3007dce0a9ff16251e
Kind: ooxml-ole-object
Source: OOXML embedded OLE part: ppt/embeddings/Microsoft_Excel_Worksheet.xlsx
Size: 8875 bytes