Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 8d2cc5fa0283b675…

MALICIOUS

Office (OOXML)

Size: 141.3 KB
Created: 2014-10-24 04:11:14 UTC
Authoring application: Microsoft Office PowerPoint 12.0000
First seen: 2019-08-04
MD5: 28127fd977d0514042fe1e375635af6d
SHA-1: 4511f8796c68b1d958a83966362ea69762d10fcd
SHA-256: 8d2cc5fa0283b6753af7672fdd8ff71d61e62144c3d8a7e821626813d08b85f2
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The file is a Microsoft Office document containing embedded OLE objects, one of which is flagged as a likely exploit for CVE-2026-21514. The heuristic firings indicate that these OLE packages contain executable or script file types, suggesting they are designed to deliver and execute a malicious payload upon opening. The document itself is a template, providing no further context on the lure.

Heuristics (2)

  • Ole10Native package carries executable/script file type (severity: high, ID: OFFICE_PACKAGE_RISKY_FILE)
    OLE Package displayName or fullPath ends in an executable or script-capable extension. Even without UI extension spoofing, embedding a runnable payload inside an Office document is a high-risk delivery pattern.
  • Embedded OLE object (severity: medium, ID: OOXML_OLE_OBJECT)
    Document contains an embedded OLE object

Extracted artifacts (4)

Files carved from inside the sample during analysis.

  • Filename: ooxml_oleobject_00.bin
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: ppt/embeddings/oleObject2.bin
    Size: 11264 bytes
    SHA-256: 9b835f8261f8c4753dc6179385af09465ee9a83e4a49c8f38607c9c024c4c4d7
  • Filename: ooxml_oleobject_00_ole10native_00.bin
    Kind: ole-package
    Source: OOXML ppt/embeddings/oleObject2.bin Ole10Native stream: Ole10Native
    Size: 4360 bytes
    SHA-256: 7a2ab74369782ef496c527aa13232a98bf50aa5b63f7d5f10bde8b8800457c65
  • Filename: ooxml_oleobject_01.bin
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: ppt/embeddings/oleObject1.bin
    Size: 285696 bytes
    SHA-256: b9e09ba2d56b5f828307263fa53e150edf7db2ba8fa1bafd89993172b2d02cfc
  • Filename: ooxml_oleobject_01_ole10native_00.bin
    Kind: ole-package
    Source: OOXML ppt/embeddings/oleObject1.bin Ole10Native stream: Ole10Native
    Size: 276603 bytes
    SHA-256: 5445cff2fde86ed68f31bb003d2d89bf95ed26bee3785576955e5ab91ce8d97b