Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 2b864415c012e591…

MALICIOUS

Office (OLE) / .XLS

174.0 KB Created: 2021-10-26 12:36:39 Authoring application: Microsoft Excel
MD5: fc408946a727aaf95be52485fa4df1ee SHA-1: d540b5db66086da32ae87b5f9fbd337c9a0578b1 SHA-256: 2b864415c012e591045cefe7325506675a3f675f6683faaa1434077224d360c3
62 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1204.002 Malicious File

The file is an Excel spreadsheet containing a VBA macro that is automatically executed upon opening (Auto_Open). This macro calls the DllInstall function with the argument 'https://relaxedview.com/file/Excel.sct', indicating an intent to download and execute a payload from this URL. The presence of an Auto_Open macro and an embedded URL strongly suggests a malicious document designed for initial payload delivery.

Heuristics 3

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://relaxedview.com/file/Excel.sct$
    • https://relaxedview.com/file/Excel.sct

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
25439645186743e706b8794c52a053a2b12e72820e3dfcae63e3f081520dbe8a		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1055 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.