Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 1804565c47973e29…

MALICIOUS

Office (OLE)

524.0 KB
Created: 1997-01-08 22:48:59
Authoring application: Microsoft Excel
MD5: 659974cbb136045d9ab9c85d50623d7a
SHA-1: 7e770f6a7fcc66e8cde334d3c82e20a0762761b6
SHA-256: 1804565c47973e29504d38bdd9772c4e85963855a2a737aaa2fd1504619d9838
140 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059 Command and Scripting Interpreter
  • T1204.002 Malicious File

The file is an Excel document containing VBA macros, including an Auto_Open macro and CreateObject calls, which are indicative of malicious intent. The presence of CreateProcess API references suggests the macro attempts to launch an external process. While the exact payload is not visible, the macro's structure points to a downloader or initial execution stage.

Heuristics 4

  • Reference to CreateProcess API (high, SC_STR_CREATEPROCESS)
  • Auto_Open macro (high, OLE_VBA_AUTO)
  • CreateObject call (high, OLE_VBA_CREATEOBJ)
  • VBA macros detected (medium, OLE_VBA_MACROS): Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (84eecc9f41bb86391e5efc66cea16f2ef73ac45c575534a9e3efdca070a12e91) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 143784 bytes