Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 770f3a3e3e7b1be1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 681.5 KB
Created: 2023-11-17 18:26:59 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2024-06-11
MD5: 7bd1db49907bbec9da9db8d6347de889
SHA-1: 70c5036430ef652720ca0137177191295fcc1221
SHA-256: 770f3a3e3e7b1be1d6ae83842d5ea68340906f756215ea3e7923d9bb66e63861
Risk score: 60

Malware Insights

MITRE ATT&CK

  • T1559.001 Component Object Model Hijacking
  • T1204.002 Malicious File

The file is an OOXML document containing an embedded OLE object, specifically identified as an Equation Editor object. This type of object is frequently exploited to deliver malicious payloads. The document body contains financial calculation data, which may serve as a lure to encourage users to interact with the embedded object.

Heuristics (2)

  • Equation Editor OLE object (severity: high; CVE-related; rule: OLE_EQUATION_EDITOR)
    Embedded OLE object xl/embeddings/LsyOyqm7.yzt contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object (severity: medium; rule: OOXML_OLE_OBJECT)
    Document contains an embedded OLE object.

Extracted artifacts (2)

Files carved from inside the sample during analysis (filename, SHA-256, kind, source, size).

  • ooxml_oleobject_00.bin
    SHA-256: 76a264d4723caf1ae2e90a5610e63e1ff337de8b47b7fcac51c4a5b6d56686e3
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: xl/embeddings/LsyOyqm7.yzt
    Size: 945664 bytes
  • ooxml_oleobject_00_ole10native_00.bin
    SHA-256: 7b7dea8f27727c30b80080e05300162f379ec279c5600ff68708760c926eb00f
    Kind: ole-package
    Source: OOXML xl/embeddings/LsyOyqm7.yzt Ole10Native stream: oLe10NaTiVE
    Size: 935452 bytes