Malicious Office (OLE) / .XLSX — malware analysis report

Static analysis result for SHA-256 36ac9376b6f88e49…

MALICIOUS

Office (OLE) / .XLSX

Size: 20.0 KB
Created: 2004-10-29 23:54:58
Authoring application: Microsoft Excel
First seen: 2023-02-05
MD5: ea3548a48b301a99a9cad2e1d5a0f473
SHA-1: 9e01692c633adcd0fcef1dcc65b723a0a9c35eaf
SHA-256: 36ac9376b6f88e49e17fcb4eb668dea623f8310d19c4b4ede05ca361e37695f0
Risk score: 120

Malware Insights

MITRE ATT&CK
  • T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
  • T1059.005 Command and Scripting Interpreter: Visual Basic

The critical ClamAV detection (Doc.Macro.Laroux-5893719-0) together with the high-severity Auto_Open heuristic indicate malicious intent. The VBA code attempts to establish persistence by copying the workbook into the Excel startup folder (XLSTART) as 'StartUp.xls' and registering auto-execution hooks, so that the copy is loaded and its macro runs every time Excel starts. This behaviour is characteristic of macro malware designed to survive reboots and maintain a presence on the system. Note for responders: Excel's per-user startup folder (%APPDATA%\Microsoft\Excel\XLSTART) is one of Excel's default Trusted Locations, so a workbook dropped there runs its macros without the usual macro-security prompt; when triaging a host, check that folder and the XLSTART folder under the Office installation directory for StartUp.xls.
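The indicators above (an auto-executing entry point, a reference to the Excel startup folder, a self-copy, and an Application-level event hook) can be checked mechanically on decoded VBA source such as the macros.bas artifact olevba extracts. The script below is an added example, not the analysis platform's detection logic and not the contents of this sample's macro; the two embedded macros are constructed to mimic the reported behaviour and a benign auto-run macro, and the rule names, weights and `scan_vba`/`verdict` functions are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample written to mimic the behaviour the report describes.
# It is NOT the contents of the extracted macros.bas artifact.
SAMPLE_VBA = """
Sub Auto_Open()
    Application.OnSheetActivate = "check_files"
    Call check_files
End Sub

Sub check_files()
    Dim p As String
    p = Application.StartupPath & "\\StartUp.xls"
    If Dir(p) = "" Then
        ActiveWorkbook.SaveCopyAs p
    End If
End Sub
"""

# Constructed benign macro: auto-runs, but neither touches the startup
# folder nor writes a copy of the workbook.
BENIGN_VBA = """
Sub Auto_Open()
    ' Formats the summary sheet when the workbook opens
    Sheets("Summary").Range("A1").Font.Bold = True
End Sub
"""

# (rule id, severity, pattern, what a hit indicates). Weights are arbitrary.
RULES = [
    ("auto_exec", "high",
     re.compile(r"\b(Auto_Open|Auto_Close|Workbook_Open|Document_Open)\b", re.I),
     "auto-executing macro entry point"),
    ("startup_path", "high",
     re.compile(r"\b(StartupPath|AltStartupPath|XLSTART)\b", re.I),
     "reference to the Excel startup folder"),
    ("self_copy", "medium",
     re.compile(r"\.(SaveCopyAs|SaveAs)\b", re.I),
     "workbook writes a copy of itself to disk"),
    ("event_hook", "medium",
     re.compile(r"\bApplication\.On(SheetActivate|SheetDeactivate|Time|Key)\b", re.I),
     "Application-level event hook that re-arms the macro"),
]

SEVERITY_SCORE = {"high": 30, "medium": 15}


@dataclass
class Finding:
    rule: str
    severity: str
    line_no: int
    text: str


def scan_vba(source):
    """Return one Finding per (line, rule) hit on decoded VBA source."""
    findings = []
    for n, raw in enumerate(source.splitlines(), 1):
        # Drop VBA comments. Crude: an apostrophe inside a string literal
        # also truncates the line, which is acceptable for triage.
        code = raw.split("'", 1)[0]
        for rule_id, severity, pattern, _desc in RULES:
            if pattern.search(code):
                findings.append(Finding(rule_id, severity, n, raw.strip()))
    return findings


def verdict(findings):
    """Return (score, startup_persistence).

    Startup-folder persistence is only called when all three pieces occur
    together: an auto-exec entry point, a startup-folder reference and a
    self-copy. An Auto_Open alone (common in benign workbooks) is not enough.
    """
    score = sum(SEVERITY_SCORE[f.severity] for f in findings)
    hit = {f.rule for f in findings}
    persistence = {"auto_exec", "startup_path", "self_copy"} <= hit
    return score, persistence


if __name__ == "__main__":
    for name, src in (("sample", SAMPLE_VBA), ("benign", BENIGN_VBA)):
        found = scan_vba(src)
        score, persists = verdict(found)
        print(f"{name}: score={score} startup_persistence={persists}")
        for f in found:
            print(f"  line {f.line_no:2d} [{f.severity}] {f.rule}: {f.text}")
```

Feed it the decoded source olevba produces rather than raw OLE streams; the patterns are plain regexes on text, so strings assembled with Chr() or concatenation (for example a startup path built piecewise) will not match, which is exactly the case where olevba's own deobfuscation output should be scanned instead of the literal macro text.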

Heuristics (3)

  • ClamAV: Doc.Macro.Laroux-5893719-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro [high] OLE_VBA_AUTO
    The VBA project contains an Auto_Open procedure, which Excel runs automatically when the workbook is opened
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename    Kind        Source                                               Size
macros.bas  vba-macro   oletools.olevba.extract_macros (decoded VBA source)  1606 bytes
SHA-256: 79b21a7c777209cbed010937c211fa50ce8f1a7a563e8469017a43761e814fcd