Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 3e7eb348afad1ae3…

MALICIOUS

Office (OLE) / .XLS

Size: 50.0 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: e12ec1254bd6024892cd9f31e965fdc6
SHA-1: 454239465844f4dae508f09ea3bf4ed662402f0e
SHA-256: 3e7eb348afad1ae3984b1fcea91fe82ce88cfd117b5932aef94f862bed4e4540
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an Excel spreadsheet containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening the document. ClamAV detected this as Doc.Macro.Laroux-5893719-0. While no specific payload URLs or commands were extracted, the presence of the Auto_Open macro strongly suggests the intent to download and execute a second-stage payload.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (ca590847096b3669ec12a4d0805613ab988f88c2ad6a348525f2a9f021510892)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1824 bytes