Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 f8fb6c4ac020b9b8…

MALICIOUS

Office (OOXML) / .XLSX

803.1 KB Created: 2024-09-30 12:55:35 UTC Authoring application: Microsoft Excel 12.0000
MD5: c4d3d1b1842e510619920b9492900250 SHA-1: 25749eb1073ce81fd72314dda9efab61adb70b3f SHA-256: f8fb6c4ac020b9b8116781833ad5f536979a2e21986601c55928a2bfcc3036ce
62 Risk Score

Malware Insights

MITRE ATT&CK
T1559.001 Component Object Model Hijacking

The file is an Excel spreadsheet containing an embedded OLE object, specifically identified as an Equation Editor object. This type of object is frequently abused to deliver malicious content. The presence of this object strongly suggests an attempt to exploit vulnerabilities or execute arbitrary code upon interaction by the user. No scripts were extracted from this sample.

Heuristics 2

  • Equation Editor OLE object high CVE related OLE_EQUATION_EDITOR
    Embedded OLE object xl/embeddings/XW9.1jor contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
  • Embedded OLE object medium OOXML_OLE_OBJECT
    Document contains an embedded OLE object

Extracted artifacts 2

Files carved from inside the sample during analysis.

FilenameKindSourceSize
ooxml_oleobject_00.bin
24d3287c4fe85d5ad35baeb79ceed97d3b6350a87d4e9893b35fb070048e740e		 ooxml-ole-object OOXML embedded OLE part: xl/embeddings/XW9.1jor 1073664 bytes
ooxml_oleobject_00_ole10native_00.bin
359436e8fee40052239f0f57e502101eb59f39fc754c63769cdad55d03f2e179		 ole-package OOXML xl/embeddings/XW9.1jor Ole10Native stream: OLE10NaTive 1062521 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.