Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 1b15e03c55c11064…

MALICIOUS

Office (OLE)

Size: 815.0 KB
Created: 2004-05-31 01:00:00
Authoring application: Microsoft Word 9.0
MD5: 12e3be947d4ebe28272f8f64d75774c1
SHA-1: b193814609c0885503be66c6daa4040e4e2a7f08
SHA-256: 1b15e03c55c11064cabd864ab25d3868dca67a1c0d5cfa3b4e9844836a61893a
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an Office document containing VBA macros, including a Document_Open macro, which runs automatically when the document is opened with macros enabled. This macro is likely responsible for executing malicious actions, such as downloading and executing a second-stage payload. The extracted 'macros.bas' file further confirms the macro-based nature of this threat. The document body appears to contain technical specifications, suggesting a lure to entice users to open and interact with the malicious content.

Heuristics 2

  • OLE_VBA_DOCOPEN (severity: high): Document_Open macro
  • OLE_VBA_MACROS (severity: medium): VBA macros detected. Document contains VBA macro code

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    b091283c406ec123068cc9f5034e916e942031a0e477481bc8442061898b5071
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 1329 bytes
  • Filename: ole10native_00.bin
    26a2b85f6dead64e2804eaf11640c60dd572be4603377d18273f7cf1eab499be
    Kind: ole-package
    Source: OLE Ole10Native stream: ObjectPool/_967204451/Ole10Native
    Size: 4676 bytes