Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 1c697576d6b2f35c…

MALICIOUS

Office (OLE)

Size: 18.5 KB
Authoring application: Microsoft Excel
First seen: 2012-06-14

MD5: 8914e8a6e1a6194bfd1359aae0cdbcbc
SHA-1: ddd82ee6af7e6140cf5592e1e02522e98d8ac874
SHA-256: 1c697576d6b2f35cd6b2b6cda2c6f14135524e6c4dd4b315f8dd271bc7ce1c01

Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Command and Scripting Interpreter: Visual Basic
  • T1566.001 Phishing: Spearphishing Attachment

The file is a legacy Excel workbook that carries a known macro-virus marker cluster (Laroux/Larou-CV) and is detected by ClamAV as Legacy.Trojan.Agent-472. The macro heuristic matches an auto_open trigger together with workbook/module replication strings: the Visual Basic code runs automatically when the workbook is opened and copies itself into other workbooks, which is the behaviour of a self-replicating legacy macro virus. Neither heuristic evidences a download of a secondary payload; any second stage would have to be confirmed by dynamic analysis. PERSONAL.XLS is Excel's personal macro workbook, loaded from the XLSTART folder every time Excel starts, so a macro copied into it survives across sessions and can infect every workbook opened afterwards; a reference to it in macro code is a common persistence indicator for macro malware.

Heuristics (2)

  • ClamAV: Legacy.Trojan.Agent-472 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Legacy.Trojan.Agent-472
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster [critical] (OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
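As an added worked example, not the scanner's own code and not taken from the report, the following standard-library-only Python script shows how a marker cluster of this kind is triaged: it parses the OLE compound-file directory to list storages and streams, flags a VBA project storage, searches the raw bytes for the auto_open, PERSONAL.XLS and replication markers in both ASCII and UTF-16LE, and applies the narrow co-occurrence rule the heuristic describes. The storage names, marker strings, scoring rule and ATT&CK mapping are assumptions; the sample workbook is constructed in memory from marker text only and is not the analysed file.

```python
"""Triage a legacy Excel (OLE/CFB) workbook for the Laroux-style marker cluster:
auto_open trigger + PERSONAL.XLS reference + workbook/module replication strings.
Added example using only the standard library; marker lists are assumptions."""
import hashlib
import struct

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
MAXREGSECT, FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFA, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF
NOSTREAM = 0xFFFFFFFF

# Directory names that mean "this workbook carries a VBA project" (assumed list).
MACRO_STORAGES = {"_VBA_PROJECT_CUR", "_VBA_PROJECT", "VBA", "MACROS"}
# Marker strings grouped the way the heuristic groups them (assumed, lower-case).
MARKERS = {
    "auto_open": [b"auto_open"],
    "personal_xls": [b"personal.xls"],
    "replication": [b"startuppath", b"xlstart", b"workbooks.add", b".copy before", b"vbcomponents"],
}


def ole_directory(data):
    """Walk the FAT chain of the directory stream and return [(name, object_type)]
    for every used entry (1 = storage, 2 = stream, 5 = root). Only the 109 DIFAT
    slots in the header are read, which covers files up to roughly 6.8 MB."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE compound file")
    sec = 1 << struct.unpack_from("<H", data, 30)[0]
    n_fat, first_dir = struct.unpack_from("<II", data, 44)
    difat = struct.unpack_from("<109I", data, 76)
    fat = []
    for s in difat[:n_fat]:
        if (s + 2) * sec <= len(data):          # sector s starts at (s + 1) * sec
            fat.extend(struct.unpack_from("<%dI" % (sec // 4), data, (s + 1) * sec))
    entries, sector, seen = [], first_dir, set()
    while sector <= MAXREGSECT and sector < len(fat) and sector not in seen:
        seen.add(sector)
        base = (sector + 1) * sec
        for i in range(sec // 128):             # 128-byte directory entries
            e = data[base + i * 128: base + (i + 1) * 128]
            if len(e) < 128:
                break
            name_len, obj_type = struct.unpack_from("<HB", e, 64)
            if obj_type == 0 or not 2 <= name_len <= 64:
                continue                        # unused entry or corrupt name length
            entries.append((e[:name_len - 2].decode("utf-16-le", "replace"), obj_type))
        sector = fat[sector]
    return entries


def find_markers(data):
    """Case-insensitive search for each marker as ASCII and as UTF-16LE.
    bytes.lower() only maps ASCII letters, so it is safe on UTF-16LE text too."""
    low = data.lower()
    return {group: [n.decode() for n in needles
                    if n in low or n.decode().encode("utf-16-le") in low]
            for group, needles in MARKERS.items()}


def triage(data):
    """Hash the file, list VBA storages, match markers and apply the cluster rule."""
    report = {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
              "sha256": hashlib.sha256(data).hexdigest(), "is_ole": data[:8] == OLE_MAGIC,
              "macro_storages": [], "markers": {}, "heuristics": [], "attack": [],
              "verdict": "NOT_OLE"}
    if not report["is_ole"]:
        return report
    names = [name for name, _ in ole_directory(data)]
    report["macro_storages"] = sorted(n for n in names if n.upper() in MACRO_STORAGES)
    m = report["markers"] = find_markers(data)
    if report["macro_storages"] or m["auto_open"]:
        report["attack"].append("T1059.005")   # Visual Basic execution (assumed mapping)
    # Narrow rule: all three marker groups must co-occur, as the heuristic describes.
    if m["auto_open"] and m["personal_xls"] and m["replication"]:
        report["heuristics"].append("OLE_XLS5_LAROUX_MACRO_VIRUS")
    report["verdict"] = ("MALICIOUS" if report["heuristics"]
                         else "SUSPICIOUS" if report["attack"] else "CLEAN")
    return report


# CONSTRUCTED marker text standing in for a module stream; not a working macro body.
SAMPLE_MACRO = (b'Attribute VB_Name = "laroux"\r\nSub auto_open()\r\n'
                b"    ' constructed marker text only\r\n"
                b'    Workbooks("PERSONAL.XLS").Activate: x = Application.StartupPath\r\n'
                b'End Sub\r\n')


def build_sample_xls(payload, with_vba=True):
    """CONSTRUCTED minimal CFB file (not the analysed sample): 512-byte sectors, FAT in
    sector 0, directory in sector 1, a 'Workbook' stream from sector 2 and, optionally,
    an empty '_VBA_PROJECT_CUR' storage."""
    sec = 512
    payload = payload.ljust(-(-max(len(payload), 4096) // sec) * sec, b"\0")  # >= cutoff: FAT
    n_data = len(payload) // sec
    hdr = bytearray(sec)
    hdr[:8] = OLE_MAGIC
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9, 6)      # v3, 512-byte sectors
    struct.pack_into("<9I", hdr, 40, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))       # FAT lives in sector 0
    fat = [FATSECT, ENDOFCHAIN] + list(range(3, 2 + n_data)) + [ENDOFCHAIN]
    fat += [FREESECT] * (sec // 4 - len(fat))

    def entry(name, obj_type, left, right, child, start, size):
        e = bytearray(128)
        enc = name.encode("utf-16-le") + b"\0\0"
        e[:len(enc)] = enc
        struct.pack_into("<HBBIII", e, 64, len(enc), obj_type, 1, left, right, child)
        struct.pack_into("<IQ", e, 116, start, size)
        return bytes(e)

    vba = entry("_VBA_PROJECT_CUR", 1, NOSTREAM, NOSTREAM, NOSTREAM, 0, 0) if with_vba else bytes(128)
    directory = (entry("Root Entry", 5, NOSTREAM, NOSTREAM, 1, ENDOFCHAIN, 0)
                 + entry("Workbook", 2, NOSTREAM, 2 if with_vba else NOSTREAM, NOSTREAM, 2, len(payload))
                 + vba + bytes(128))
    return bytes(hdr) + struct.pack("<%dI" % (sec // 4), *fat) + directory + payload


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(build_sample_xls(SAMPLE_MACRO)))
```

Two caveats a practitioner should keep in mind when running this against real workbooks: module source inside the VBA storage is stored MS-OVBA-compressed, so a raw byte search only sees the fragments that happen to survive compression and a production scanner decompresses the module streams first (olevba from oletools does this); and the ClamAV signature hit on the page is an independent detection that this script does not reproduce, so it is the co-occurrence rule, not a single string, that should drive the verdict.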