Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 3adef3896ead122e…

MALICIOUS

Office (OLE) / .XLS

5.51 MB Created: 2008-08-27 13:16:27 Authoring application: Microsoft Excel
MD5: 4aa254ba4e860ab46fe56e5aa5cba8af SHA-1: 75def3937154f1975b5dc0ed851c9d9bbf9b65b6 SHA-256: 3adef3896ead122e0d02b3e8ab91a79e2c8ab7a0d3d97c904e2901cce9470656
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1546.001 Event Triggered Execution: Event Initialization

The file is an Excel spreadsheet containing VBA macros, specifically an Auto_Open macro which is a common technique for initial execution. The macro prompts the user for a 'client code' and a 'password', indicating a credential harvesting or phishing attempt. The macro is truncated, preventing a full analysis of its behavior, but the initial prompts strongly suggest a social engineering lure.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
8c7cf74390553c280742ffd30690999c3a5f6a632bc9c2d09a97169ff142ba5e		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 6023 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.