Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 16b98e2156fb721a…

Verdict: MALICIOUS
File type: Office (OLE)
Size: 348.0 KB
Created: 2020-07-21 07:21:33
Authoring application: Microsoft Excel
First seen: 2020-09-15
MD5: 98878d4f648ee9936b18706b74ef466d
SHA-1: 4e3ff8b1fc956090be01b2f367041d29316a6a1e
SHA-256: 16b98e2156fb721a760cd3d4e5c1a8c18dee54f795c6d8624339e25c5e33c2b1
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The presence of encrypted Excel 4.0 macro sheets, specifically noted by the 'OLE_XLM_ENCRYPTED_MACROSHEET' heuristic, strongly suggests malicious intent. The 'OLE_XLM_AUTOOPEN' heuristic further confirms the presence of an auto-executable macro, commonly used to initiate malware execution upon opening the document. The document body was unreadable, preventing further analysis of its specific lure.

Heuristics (2)

  • OLE_XLM_ENCRYPTED_MACROSHEET (severity: high): Encrypted Excel 4.0 macro sheet
    Workbook contains an Excel 4.0 macro sheet and a BIFF FILEPASS record (workbook encryption). Password-protected XLM macro sheets, especially those encrypted with Excel's default password, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • OLE_XLM_AUTOOPEN (severity: medium): Excel 4.0 (XLM) macro sheet present
    Workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.