MALICIOUS
60
Risk Score
Malware Insights
MITRE ATT&CK
T1559.001 Component Object Model Hijacking
The primary finding is a high-severity heuristic indicating an Equation Editor OLE object embedded within the XLSX file. This object is frequently exploited to deliver malicious payloads. The presence of this object strongly suggests an attempt to leverage known vulnerabilities within the Equation Editor component.
Heuristics 2
-
Equation Editor OLE object high OLE_EQUATION_EDITOREmbedded OLE object xl/embeddings/5aAcI5Qig.L4ScPeh contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
-
Embedded OLE object medium OOXML_OLE_OBJECTDocument contains an embedded OLE object
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
ooxml_oleobject_00.bind71d4af74108b62e99aad4142a856b9648c8eaf7f598b00fb6441bf2ac73991a |
ooxml-ole-object | OOXML embedded OLE part: xl/embeddings/5aAcI5Qig.L4ScPeh | 2994688 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.