Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 35df514d13a43a3f…

MALICIOUS

Office (OLE) / .XLS

Size: 510.0 KB
Created: 1996-10-21 11:03:58
Authoring application: Microsoft Excel
MD5: 468bd388486eff18aabdf1ccd7e49625
SHA-1: 80e3edf5163df9e1dca2951049cc2b450ed70ed8
SHA-256: 35df514d13a43a3f2040314c6ca153c2ae7a2a1cbed170eda40da0c63ab30613
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.002 Spearphishing with Other

The sample is an Excel spreadsheet identified as malicious due to the presence of VBA macros. The Workbook_Open macro indicates that the malicious code will execute automatically upon opening the file. While no specific malicious URLs or scripts were extracted, the presence of the Workbook_Open macro strongly suggests an attempt to download and execute a secondary payload or perform other malicious actions. The document body contains what appears to be a timesheet or project tracking template, likely used as a lure.

Heuristics 3

  • Workbook_Open macro [high] OLE_VBA_WBOPEN
    Workbook_Open macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://notswing.renault.fr/Documents
    • http://www.intra.renault.fr/Documents

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (b3f8d9b0c108747ce321d5e115edbab43ac328a32e17f82f7be8b9300f763dd7) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 41025 bytes