Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 510cdbb92c4a6e3b…

MALICIOUS

Office (OLE) / .XLS

1.10 MB Created: 2002-05-20 09:54:27 First seen: 2023-04-24
MD5: 90716974d425efd058207e884bc3237b SHA-1: 9a3551631a7a1b09387f91446456848248d21186 SHA-256: 510cdbb92c4a6e3b5807b9a2bd8fd4fdbb55f4c413b38630a5231ec6a42d1791
108 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing with Other Weapons T1059.005 Visual Basic

The file is an XLS spreadsheet containing VBA macros, including an Auto_Open macro, which is a common delivery mechanism for malicious content. The macros display urgent messages about program expiration, attempting to create a sense of urgency to prompt user interaction. No external network activity or specific exploit attempts were detected in the static analysis.

Heuristics 4

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • Auto_Close macro high OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code
  • Urgency / deadline lure low SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
96b1fa6f2a418191cee26977aa73bbcd2187e35933933c8d278e6a3a7ca0ce63		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 31879 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.