Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 0cec30801d6b3c31…

MALICIOUS

Office (OLE)

Size: 82.5 KB
Created: 2010-02-12 21:56:59
Authoring application: Microsoft Macintosh Excel
First seen: 2018-03-04
MD5: 81734787d695a0b0783cb122cecf6c18
SHA-1: 047fec2dd4e77af17a50b779a03863dbdb2acde3
SHA-256: 0cec30801d6b3c3183c3b4bec4f2e22aedf8eaf36c7ed895de72876851653d94
Risk Score: 82

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic
T1203 Exploitation for Client Execution

The file is an Office document that references the VirtualAlloc and WriteProcessMemory APIs, indicating potential memory manipulation for executing code. Although VBA extraction failed, the presence of these API references suggests the document may attempt to download and execute a second-stage payload. The document body contains financial-related terms, suggesting a lure for a phishing or scam attempt.

Heuristics (3)

  • Reference to WriteProcessMemory API (severity: critical; ID: SC_STR_WRITEPROCESSMEMORY)
    Description: Reference to WriteProcessMemory API
  • Reference to VirtualAlloc API (severity: medium; ID: SC_STR_VIRTUALALLOC)
    Description: Reference to VirtualAlloc API
  • Unsupported Office format for VBA extraction (severity: info; ID: OFFICE_FORMAT_UNSUPPORTED)
    Description: The Analyzer could not extract VBA macros: the document may be legacy, encrypted or malformed.