Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 490f49d093ea3409…

MALICIOUS

Office (OLE) / .XLS

Size: 52.0 KB
Created: 2004-05-18 15:07:34
Authoring application: Microsoft Excel
MD5: 01df626a290e0a84d600e9db0875bfd0
SHA-1: b9e6dd2b07c3385c9981fa0089ceab928165ad83
SHA-256: 490f49d093ea3409de31ed3177acf2c2e6bdebdbb0e0e6244177b14bbf34f327
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1218 System Binary Proxy Execution

The file is an Excel spreadsheet identified as malicious due to the presence of VBA macros. The high-severity heuristic 'OLE_VBA_CREATEOBJ' indicates that the macros likely attempt to create and execute objects, a common technique for downloading and running second-stage payloads. No specific IOCs were extracted, and the document body content appears to be legitimate business data, suggesting the malicious functionality is entirely within the VBA code.

Heuristics (2)

  • CreateObject call (high, OLE_VBA_CREATEOBJ)
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    839c85a75b65f81670bccc8b7b8b7bea6f957d19e9c2e316a4c872de7b6c8db5
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 7094 bytes