Office (OOXML) / .DOCX malware analysis — malicious · ed634afb236ae762

MALICIOUS

Office (OOXML) / .DOCX

344.3 KB Created: 2017-03-22 17:53:00 UTC Authoring application: Microsoft Office Word 15.0000

MD5: b7ecb451a56b5bd94313f10939dd7e0f SHA-1: b660d271e53972ccf414d9ab4de7e8a75aa03b59 SHA-256: ed634afb236ae76203dd8493afba997774bf23b71b70a386c7dea2be0a45eda4

60 Risk Score

Malware Insights

MITRE ATT&CK

T1559.001 Component Object Model Hijacking T1204.002 Malicious File

The sample is an OOXML document containing an embedded OLE object. Heuristics indicate this object has indicators for exploitation of CVE-2026-21514, suggesting it's designed to deliver a malicious payload. No scripts were extracted, and the document body was not available for analysis.

Heuristics 2

OOXML Ole10Native with payload/link indicators — possible CVE-2026-21514 high CVE likely CVE_2026_21514

Office document contains embedded OLE (word/embeddings/oleObject1.bin) with Ole10Native plus executable, PE, or risky remote-link indicators. This is a likely CVE-2026-21514 exploitation shape.
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`ooxml_oleobject_00.bin` `726464a691ca04a8270275d4af2e853ca0e795b6de259adfbc1391a0373d3355`	ooxml-ole-object	OOXML embedded OLE part: word/embeddings/oleObject1.bin	4608 bytes
`ooxml_oleobject_00_ole10native_00.bin` `bb6b8b414179f5611cb85d563c435d7c917d7384861803027c855f687b07b824`	ole-package	OOXML word/embeddings/oleObject1.bin Ole10Native stream: Ole10Native	2251 bytes
`emf_00.emf` `92f07ebee99acc0a6f677b2fe28d3585c933baa217b0ce7103c65cd29719608f`	ooxml-emf	OOXML EMF part: word/media/image2.emf	5440 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.