Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 1b11b0b25bcfcbe3…

MALICIOUS

Office (OLE) / .EXE

487.0 KB Created: 1998-09-29 02:17:52 Authoring application: Microsoft Excel
MD5: 2bea6be1eb3112282d6d89c8f6b6de0a SHA-1: b7f1d62075ecae153b833754c2a9640843c6b188 SHA-256: 1b11b0b25bcfcbe33e5d1a6f5b71a6a33fbbfcb140d154607ca0745ac9703a14
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1547.001 Registry Run Keys / Startup Folder

The file is an executable disguised as an Office document, containing a high-severity Auto_Open VBA macro. This macro likely attempts to establish persistence by writing to the registry Run key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run\IAccessible2Proxy'. The document body content appears to be a list of software product codes and names, possibly a lure or distraction.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
dedbbfd6ee4f9141d563f7d868c4cdf967db369f3ec4136e031410ac66bab3a8		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1918 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.