Office (OOXML) / .XLSX malware analysis — malicious · 8dcec1d4937f5f02

MALICIOUS

Office (OOXML) / .XLSX

2.06 MB Created: 2025-06-11 02:37:18 UTC Authoring application: Microsoft Excel 12.0000

MD5: 10dbaef20624d49de341080f7b84e1f0 SHA-1: 34def032a17a565cadc18381a0f3b84fd07cbf82 SHA-256: 8dcec1d4937f5f02fb86c1c11bb75d39fad883b7ded9757880b806394aed7811

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file is an Office document containing an embedded OLE object, specifically identified as an Equation Editor object. This technique is often used to deliver malicious payloads. The document body contains a large amount of seemingly random characters, suggesting it is not intended for direct user consumption but rather to obscure the malicious content within the embedded object. The presence of the OLE object is a strong indicator of malicious intent.

Heuristics 2

Equation Editor OLE object high CVE related OLE_EQUATION_EDITOR

Embedded OLE object xl/embeddings/qRCHDI3g.SUvHew contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`ooxml_oleobject_00.bin` `639f9648572409e3d7f02b73b56570cc38ae5b4bae939b430ba72106853719fc`	ooxml-ole-object	OOXML embedded OLE part: xl/embeddings/qRCHDI3g.SUvHew	2929152 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.