Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 32040e7c3d6c535a…

MALICIOUS

Office (OLE) / .XLS

Size: 2.24 MB
Created: 2007-05-22 02:44:42
Authoring application: Microsoft Excel
MD5: 30cae57bbe6e983fc4b7e0a5e00a658f
SHA-1: da698101c8778040f318564a340fbdd2a14d1834
SHA-256: 32040e7c3d6c535aa0085bdb2323e6a0bee3979a3b2e9c4edb4444d3c29e4281
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is identified as a malicious Excel 4.0 (XLM) macro-enabled spreadsheet. The presence of OLE_XLM_AUTOOPEN and OLE_XLM_LEGACY_MACRO_VIRUS heuristics strongly indicates the execution of legacy XLM macros. The document body contains financial and accounting terms, suggesting a lure to entice users to open and interact with the malicious content. No specific IOCs like URLs or hashes were extracted, but the macro execution itself is the primary threat.

Heuristics (2)

  • Excel 4.0 (XLM) Auto_Open + macro sheet (severity: critical, ID: OLE_XLM_AUTOOPEN)
    Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet — the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
  • Legacy XLM macro-virus family marker (severity: critical, ID: OLE_XLM_LEGACY_MACRO_VIRUS)
    Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.