Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 484ff3f65341ad59…

MALICIOUS

Office (OLE) / .XLS

511.0 KB Created: 2004-05-15 13:07:36 Authoring application: Microsoft Excel
MD5: bb73abba614bb019b392be77a235fef8 SHA-1: 44edec8112da2116da88db6e42b0ecf61e1cda8f SHA-256: 484ff3f65341ad59f159ec40691e2f2079fa97e6d1284342436b19b3c5e5591c
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications T1566.002 Spearphishing Attachment

The sample is an Excel spreadsheet containing VBA macros, specifically a Workbook_Open macro, indicating malicious intent upon opening. The document body advertises spreadsheet tools for purchase, suggesting a scam or phishing lure. The embedded URL likely leads to further information or the malicious payload. The Workbook_Open macro is designed to execute automatically, likely to download and execute a second-stage payload.

Heuristics 3

  • Workbook_Open macro high OLE_VBA_WBOPEN
    Workbook_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.edicarlos.com.br/html/duvplanilhas.htm

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
3ce311b3d511604c2b901a1cde08c35c234734313909689873feb180ecc6add6		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 16699 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.