Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 619fc619181506c6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 2.14 MB
Created: 2025-06-12 01:12:31 UTC
Authoring application: Microsoft Excel 12.0000
MD5: 579ba22212f731716996661ff2ab3b18
SHA-1: 5af3cf64858ff078eaf1356b92d443b8360c30ad
SHA-256: 619fc619181506c63d38d2eef7b88f311c5975361028bcc4ff8d9bf4c4874cf9
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The sample is an Excel document containing an embedded OLE object identified as an Equation Editor object. Embedding this object is a common technique used to exploit vulnerabilities and execute arbitrary code. Its presence strongly suggests the document is intended to deliver a malicious payload to the user.

Heuristics (2)

  • Equation Editor OLE object (severity: high; CVE related; OLE_EQUATION_EDITOR)
    Embedded OLE object xl/embeddings/sZAIN8b.wXJ contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object (severity: medium; OOXML_OLE_OBJECT)
    Document contains an embedded OLE object.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: ooxml_oleobject_00.bin
    (b17db6b39475bf1841028c99bf3b3ab137e58be607d5e4edb81639ea576083d5)
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: xl/embeddings/sZAIN8b.wXJ
    Size: 2999808 bytes