Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 5177ec7cb37803e7…

MALICIOUS

Office (OLE) / .XLS

Size: 33.8 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: 4e67a164a296059068ada20825392ce4
SHA-1: 8a3e3cfb979520828aa01dfd8f6aaa078ec4a93b
SHA-256: 5177ec7cb37803e7ea0ae1e370e992997c6ed10b74bf2b9936145eb0c34e528a
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.003 Windows Command Shell

The sample exhibits suspicious behavior related to PEB access and invokes cmd.exe with an execution flag. This suggests an attempt to execute arbitrary commands, likely for downloading and running a second-stage payload. Without further script or URL evidence, the specific family and detailed attack vector remain unclear.

Heuristics (2)

  • PEB access via FS segment (x86) (severity: high, rule: SC_PEB_ACCESS)
  • Suspicious cmd.exe invocation with execution flag (severity: high, rule: SC_STR_CMD)