Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 063f491f46849fa0…

MALICIOUS

Office (OLE) / .XLS

178.5 KB Created: 2020-10-13 20:44:56 Authoring application: Microsoft Excel
MD5: 3f0b0979ee7cf9bd934d2629e82de0ed SHA-1: 3d2fcb32a7fad3ab9058f5ba05c0e9f22ae76af7 SHA-256: 063f491f46849fa09ff33fb0a05278b6db66c0b74dc7406cee0554c9e848bbd2
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The sample is an encrypted Excel 4.0 macro sheet, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET and OLE_XLM_AUTOOPEN heuristics. This suggests the file was intended to be delivered as an attachment, likely via spearphishing, and execute its embedded macro upon opening. The macro sheet is encrypted, preventing further analysis of its specific actions.

Heuristics 2

  • Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.