Malicious Office (OLE) / .EX — malware analysis report

Static analysis result for SHA-256 2e6c05c9e91e732c…

MALICIOUS

Office (OLE) / .EX

Size: 3.29 MB
Created: 2009-11-13 06:06:00
Authoring application: Microsoft Office Word
MD5: caae2f63443a3daaae07708c2a71027a
SHA-1: a7c2dc7336c9de63d75713e5e55ea973aadb4dcd
SHA-256: 2e6c05c9e91e732c6b21eab7041fc1d10b753a109abb4f31464f57abfdac4b52
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an Office document containing a 'Document_Open' VBA macro, indicating an attempt to execute code when the document is opened. The document body presents itself as a test report, a common lure for social engineering. While no specific malicious URLs or commands were extracted, the presence of the macro and the deceptive document content strongly suggests malicious intent, likely to download and execute a secondary payload.

Heuristics (2)

  • Document_Open macro (severity: high, rule: OLE_VBA_DOCOPEN)
    Document_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
          f7cf1fa7f4749e71a1d9f81d52c59bdc03da31b0d4d7aa29949720d540cfd1d0
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 93179 bytes