Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 54347c2503c071c7…

MALICIOUS

Office (OLE) / .XLS

Size: 408.0 KB
Created: 2007-01-18 00:03:43
Authoring application: Microsoft Excel
MD5: e4792e3e6c5acae7aa9a140fd00d8dbe
SHA-1: 48ca1e946ec44aca7fe82fc03e1ef88071b4e517
SHA-256: 54347c2503c071c730de0b3ce083fa741c6c28586a75dee3269ea926e071ef71
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an Excel spreadsheet containing a list of mobile phone parts and accessories. The presence of a Workbook_Open macro indicates that malicious code is likely executed upon opening the document. While no specific malicious URLs or scripts were extracted, the document's content and the macro presence suggest a phishing or scam attempt to lure users into clicking malicious links or downloading further payloads.

Heuristics (2)

  • Workbook_Open macro (severity: high, rule: OLE_VBA_WBOPEN)
    Workbook_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    6689f1a27a845e271f910cae1194250742172877a1bfa66c95f65c52dde7175f
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 58675 bytes