Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 1d2ee6d80babc573…

MALICIOUS

Office (OLE) / .XLS

Size: 35.0 KB
Created: 2015-06-05 18:17:20
Authoring application: Microsoft Excel
MD5: 1018edcc355eff9f0a4de86e2d3370b2
SHA-1: 95e823401da426bcd7592bbf71a491918dbbdb74
SHA-256: 1d2ee6d80babc57368a251a92e93779442578a1f4295c0e4d4a83553e15c72db
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059.001 PowerShell

The sample is an XLS file containing VBA macros. The high-severity heuristic for GetObject indicates a potential for arbitrary code execution. The VBA code is heavily obfuscated but appears to construct URLs and then execute them, likely to download and run a second-stage payload. The specific URLs identified are the primary indicators of compromise.

Heuristics 2

  • GetObject call (high, OLE_VBA_GETOBJ)
    GetObject call
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          5323fc3fa77db5916b1463fec08d8dc494625f201048eb00780253d2cc8f791e
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1246 bytes