Office (OLE) / .XLSX malware analysis — malicious · 46fa054bbc54c602

MALICIOUS

Office (OLE) / .XLSX

63.1 KB Created: 2021-08-17 12:24:08 Authoring application: Microsoft Excel

MD5: f87ce432682c13dc7391e128cf258b01 SHA-1: 311f1e763daf8f2f81621d232c96514cb7be76d5 SHA-256: 46fa054bbc54c6020566d472d0588cec5c3f650b8ea208c53c5619db7e39bbb6

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1204.002 Malicious File

The sample is an Excel file containing VBA macros. The 'SE_ENABLE_LURE' heuristic indicates the document attempts to trick the user into enabling macros. The 'Auto_Open' macro uses the ScriptControl object, which is associated with CVE-2015-0097, to execute code embedded in the document's properties. This script likely downloads and executes a second-stage payload.

Heuristics 4

MSScriptControl.ScriptControl — CVE-2015-0097 high CVE likely CVE_2015_0097_SC

MSScriptControl.ScriptControl — CVE-2015-0097
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Macro/content-enable lure medium SE_ENABLE_LURE

Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `0278d22c57457c6ea65486c5e13f4b06bae683e9ef9fa360c905d1932da96848`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	862 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.