Verdict: MALICIOUS
Risk Score: 60
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
T1566.001 Spearphishing Attachment
The file is a Microsoft Office document containing embedded OLE objects, one of which is flagged as a likely exploit for CVE-2026-21514. The heuristic firings indicate that these OLE packages contain executable or script file types, suggesting they are designed to deliver and execute a malicious payload upon opening. The document itself is a template, providing no further context on the lure.
Heuristics 2
- Ole10Native package carries executable/script file type (high, OFFICE_PACKAGE_RISKY_FILE): OLE Package displayName or fullPath ends in an executable or script-capable extension. Even without UI extension spoofing, embedding a runnable payload inside an Office document is a high-risk delivery pattern.
- Embedded OLE object (medium, OOXML_OLE_OBJECT): Document contains an embedded OLE object.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| ooxml_oleobject_00.bin | ooxml-ole-object | OOXML embedded OLE part: ppt/embeddings/oleObject2.bin | 11264 bytes | 9b835f8261f8c4753dc6179385af09465ee9a83e4a49c8f38607c9c024c4c4d7 |
| ooxml_oleobject_00_ole10native_00.bin | ole-package | OOXML ppt/embeddings/oleObject2.bin Ole10Native stream: Ole10Native | 4360 bytes | 7a2ab74369782ef496c527aa13232a98bf50aa5b63f7d5f10bde8b8800457c65 |
| ooxml_oleobject_01.bin | ooxml-ole-object | OOXML embedded OLE part: ppt/embeddings/oleObject1.bin | 285696 bytes | b9e09ba2d56b5f828307263fa53e150edf7db2ba8fa1bafd89993172b2d02cfc |
| ooxml_oleobject_01_ole10native_00.bin | ole-package | OOXML ppt/embeddings/oleObject1.bin Ole10Native stream: Ole10Native | 276603 bytes | 5445cff2fde86ed68f31bb003d2d89bf95ed26bee3785576955e5ab91ce8d97b |