Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 40817ee503275738…

MALICIOUS

Office (OLE) / .XLS

21.5 KB
Created: 1999-02-20 08:56:09
Authoring application: Microsoft Excel
MD5: 421e07e8ff449f68442e16a83a8366bf
SHA-1: 9e75832415f4964e329f6952520595a77cd28cef
SHA-256: 40817ee5032757387df7b0e3999dbf87c89258642aea0dd4a36a2c809391c7af
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The presence of an Auto_Open macro in this XLS file indicates that malicious VBA code is designed to execute automatically upon opening the document. The document body presents a project plan, likely a lure to trick the user into enabling macros. No specific IOCs like URLs or hashes were extracted, but the Auto_Open macro is a strong indicator of malicious intent.

Heuristics 2

  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          c62eaea71a1aff2c3bd412f7e3926a1c8cca6f7dac15432b67a3d3f507f57b82
Kind:     vba-macro
Source:   oletools.olevba.extract_macros (decoded VBA source)
Size:     863 bytes