Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 d92c5251e8ea6ded…

MALICIOUS

Office (OOXML) / .XLSX

Size: 2.16 MB
Created: 2025-08-18 05:08:49 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2025-08-19
MD5: 202ab9008eadeeffd406147bdc7978bb
SHA-1: ab547f8cefd761d0e14188aa1580466bd518480a
SHA-256: d92c5251e8ea6deda92ae44fa01f8b7675c4c8553326345450acbacf7c2ef29a
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1559.001 Component Object Model Hijacking

The sample is an Office document containing an embedded OLE object, specifically identified as an Equation Editor object. This type of object is frequently used to deliver malicious payloads. The document body contains what appears to be garbled text, suggesting it may be obfuscated or intended to be unreadable, further supporting the malicious intent of the embedded object.

Heuristics (2)

  • Equation Editor OLE object | high | CVE related | OLE_EQUATION_EDITOR
    Embedded OLE object xl/embeddings/LOOQsoJMM.WLrHJ contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object | medium | OOXML_OLE_OBJECT
    Document contains an embedded OLE object.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: ooxml_oleobject_00.bin (e61522a57b9804d4252978de9d995697fd78e95aafa9924fb7d9ec99e2f5bb48)
    Kind: ooxml-ole-object
    Source: OOXML embedded OLE part: xl/embeddings/LOOQsoJMM.WLrHJ
    Size: 3005952 bytes