Office (OOXML) / .XLSX malware analysis — malicious · 82b9ae10b8b67e81

MALICIOUS

Office (OOXML) / .XLSX

2.34 MB Created: 2025-09-04 00:14:20 UTC Authoring application: Microsoft Excel 12.0000

MD5: 4d7b28f6a99c58d81fd6963de43b5d07 SHA-1: 841dba7af6e8547c1b8452bd7012485577c1e593 SHA-256: 82b9ae10b8b67e81b8b2db9a3bbb5bf49c35bad265da3a2ad367442e4f5aaddd

80 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.005 Visual Basic

The sample is an OOXML file containing an embedded OLE object, specifically identified as an Equation Editor object. The document also contains a lure to enable macros, indicating it is likely a dropper. No scripts were extracted, and the embedded object's content could not be analyzed further, limiting the ability to identify a specific family or detailed execution flow.

Heuristics 3

Equation Editor OLE object high CVE related OLE_EQUATION_EDITOR

Embedded OLE object xl/embeddings/H8EqTaxc.BNAq8w contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object
Macro/content-enable lure medium SE_ENABLE_LURE

Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`ooxml_oleobject_00.bin` `c7b187739104cc200c028e0c8950164eadf5ed4a9cc0afe06846f1fd459df2aa`	ooxml-ole-object	OOXML embedded OLE part: xl/embeddings/H8EqTaxc.BNAq8w	3019776 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.