Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 44615f6486f5c524…

MALICIOUS

Office (OLE) / .XLS

782.0 KB | Created: 2000-03-03 21:30:06 | Authoring application: Microsoft Excel
MD5: b4a2c2472e3014c08478f6438aaa3eb7
SHA-1: 6cdbbc6cb87a150bd77c52e0ac43d587484bd57d
SHA-256: 44615f6486f5c52484ed91180f58f55de14043113287c121e1c7655ec370a705
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an Excel spreadsheet containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening. The document body, written in Turkish and Arabic, attempts to trick the user into enabling macros by stating it's essential for the program's functionality, which is a social engineering tactic. The presence of an Auto_Open macro and the document's content strongly suggest a macro-based attack. The embedded VBA macro is large and likely performs the core malicious actions, though its specific functionality is not detailed in the provided heuristics.

Heuristics 2

  • Auto_Open macro | high | OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected | medium | OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (dc8e01fd828e91472ba3cb510c1d18319cb6b7688bc0734f613d2a39d3573015) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 323448 bytes