Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 baa6cc4e92f17a2c…

MALICIOUS

Office (OOXML)

Size: 65.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2020-10-01
MD5: 77058d2089a30e87d8d2db724aa83c2c
SHA-1: 4537c70678d303530d34c0348ae9524bed778521
SHA-256: baa6cc4e92f17a2c054da2e097c3674a69a54399d0b6a3ace8e023a3d8cc729b
Risk Score: 68

Heuristics 3

  • Equation Editor OLE object (severity: high; CVE related) [OLE_EQUATION_EDITOR]
    Embedded OLE object xl/embeddings/oleObject1.bin contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object (severity: medium) [OOXML_OLE_OBJECT]
    Document contains an embedded OLE object
  • Hidden worksheet (veryHidden) (severity: low) [OOXML_HIDDEN_SHEET]
    Excel workbook contains 1 hidden sheet(s) — hidden sheets are commonly used to conceal macro code, staging data, or intermediate payload construction

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: ooxml_oleobject_00.bin
Kind: ooxml-ole-object
Source: OOXML embedded OLE part: xl/embeddings/oleObject1.bin
Size: 4608 bytes
SHA-256: c39e03eae0c6b92473751fd0d16127df9148f43e665695d11d7da03bf22a2290