Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 96ff4fc96fffbfd1…

MALICIOUS

Office (OOXML) / .XLSX

694.0 KB Created: 2023-12-04 17:54:29 UTC Authoring application: Microsoft Excel 16.0300 First seen: 2024-06-11
MD5: ba853f23a2f12f5d9f81fd2d89686a36 SHA-1: 9712c8aaaf1864268845bb2312ab840ef5aabe21 SHA-256: 96ff4fc96fffbfd135fb3612a5eb8945f856c22a019555a252218d41fab5931e
60 Risk Score

Malware Insights

MITRE ATT&CK
T1559.001 Component Object Model Hijacking

The high-severity heuristic firing for an Equation Editor OLE object indicates a strong likelihood of exploitation. This technique is commonly used to deliver malicious payloads by leveraging vulnerabilities within the Equation Editor component. No further IOCs were extracted from this sample.

Heuristics 2

  • Equation Editor OLE object high CVE related OLE_EQUATION_EDITOR
    Embedded OLE object xl/embeddings/2hT.Wu8G contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object medium OOXML_OLE_OBJECT
    Document contains an embedded OLE object

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
ooxml_oleobject_00.bin
909f058e82dbc6d7f4ac7cd251e3bf64ce2240acd93fe4a80dca20b5290d7a85		 ooxml-ole-object OOXML embedded OLE part: xl/embeddings/2hT.Wu8G 1006080 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.