Office (OOXML) / .XLSX malware analysis — malicious · b5e7bab778634648

MALICIOUS

Office (OOXML) / .XLSX

2.19 MB Created: 2025-08-06 23:16:59 UTC Authoring application: Microsoft Excel 12.0000

MD5: 36262cf1f003866124be9ef9cf75d7eb SHA-1: 8ff83220d800abc226b78d1e1a4f571280556305 SHA-256: b5e7bab778634648ba86cc555a63425965a5cb9b488670b4ccd1792ece2d9001

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1204.002 Malicious File

The file is an Office document containing an embedded OLE object, specifically identified as an Equation Editor object. This is a known vector for exploiting vulnerabilities like CVE-2017-11882. The embedded object is likely used to execute arbitrary code, leading to the download and execution of a secondary payload. The document body contains garbled text, suggesting it is not intended for direct user interaction but rather as a container for the exploit.

Heuristics 2

Equation Editor OLE object high CVE related OLE_EQUATION_EDITOR

Embedded OLE object xl/embeddings/7OAm8cv.22Y contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`ooxml_oleobject_00.bin` `5ab6a1effe37c121068de82ac7ac08a08d19c19c21a919eb563e0488d71ae0ae`	ooxml-ole-object	OOXML embedded OLE part: xl/embeddings/7OAm8cv.22Y	3047936 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.