Malicious Office (OLE) / .DOCX — malware analysis report

Static analysis result for SHA-256 26711d59be0c7aa5…

MALICIOUS

Office (OLE) / .DOCX

Size: 45.0 KB
Created: 2000-10-07 09:36:00
Authoring application: Microsoft Word 8.0
MD5: ea7c80109cc23a50fa0f2270300529e2
SHA-1: 94c3b515d8590a09955e15d29b053ff2575f16bb
SHA-256: 26711d59be0c7aa5b97c96dc0eb5c5a7d309b2cf2c8c51f6256203c7439e60b5
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is a malicious Word document containing VBA macros. The AutoClose and AutoOpen macros are designed to copy themselves and other related macros to both the Normal template and the active document, indicating an attempt to establish persistence. The script also attempts to disable virus protection and remove the Macro option from the Tools menu.

Heuristics 3

  • AutoOpen macro (high, OLE_VBA_AUTOOPEN)
    AutoOpen macro
  • Auto_Close macro (high, OLE_VBA_AUTOCLOSE)
    Auto_Close macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (4ba0b67168bb7a1eac8f18741708e93af6a7a3dd3e74430348c72c1f12a4f347) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 7725 bytes