Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 30b3ed47ed804ca3…

MALICIOUS

Office (OLE) / .EXE

106.0 KB Created: 1999-09-01 04:55:57 Authoring application: Microsoft Excel
MD5: 6b5f1430c3c6f369e76b36ed54d0a5a8 SHA-1: 76c742591bc2bb1a2ddf727f3361d18c72660bda SHA-256: 30b3ed47ed804ca3b589e8ea5ef81447b38ea9d7a54d6adc39f53e8c0a933863
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is an Excel OLE executable containing VBA macros, with a high-severity heuristic indicating the presence of an Auto_Open macro. This suggests the macro is designed to execute automatically when the document is opened, likely to download and run a secondary payload. No specific family could be identified, and no IOCs were extracted beyond the presence of the macro itself.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
14dd5e313ac4c78fdaa5708d67f4ea697d35c611f188e18ce9578c723b0f64b4		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1904 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.