Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 4e057e556e4e2b99…

MALICIOUS

Office (OLE) / .XLS

80.0 KB Created: 2000-05-02 06:03:52 Authoring application: Microsoft Excel
MD5: 6373da305f5867b7f12e08dbb044d7c1 SHA-1: c96b7204d0a78e8977ad7b48c36cdaf2145fadc7 SHA-256: 4e057e556e4e2b99664538c024cc42b8fa4787f55c4f98bb8ab08d381fec4b68
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1566.002 Spearphishing Attachment

The file is an Excel spreadsheet containing a VBA macro, specifically an Auto_Open macro, which is a common technique for initial execution. The macro source is 1908 bytes, indicating potentially complex malicious code. The document body contains financial statements in Thai, which may serve as a lure to disguise the malicious nature of the file. No specific IOCs like URLs or hashes were extracted, and the macro itself was not deobfuscated or analyzed for its specific actions, leading to a moderate confidence level.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
7d0b026b11ccccfb639b1257ea383a2d0c0d0aef448c3d7852070ab6cab1caf8		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1908 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.