Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 5457145d1709f682…

MALICIOUS

Office (OLE) / .XLS

Size: 108.5 KB
Created: 2021-10-08 09:36:50
Authoring application: Microsoft Excel
MD5: 413bd16983ee371d2955416354a17b2c
SHA-1: 80109e4a31a19fc5a93f69863354ecb23cea7027
SHA-256: 5457145d1709f6828a743ebe4ab34c74345647d7caca86d715db1cb52a7c596e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059.001 PowerShell

The sample is a malicious Excel file containing an Auto_Open VBA macro. This macro utilizes the ScriptControl object to execute code embedded within cell A1 of the first sheet. The script language is dynamically determined by the name of the second sheet. This mechanism is commonly used to download and execute a second-stage payload.

Heuristics (2)

  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
c0a2e02cdc983753ca9d149020ffe15e0a3f2d34c9b5efe9b22282a29b0cb4de
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1081 bytes