Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 547e20d935bf9d0a…

MALICIOUS

Office (OLE)

126.5 KB
Created: 1997-01-08 22:48:59
Authoring application: Microsoft Excel
MD5: e99a562c3e2ea5fe2cca6ac35789acd5
SHA-1: 7d2f2fbb89e191870bfe9986b582f8f3e828528c
SHA-256: 547e20d935bf9d0a43a7b799fb38196a4424db4df2443d7901bfa195e15b0477
100 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.002 Spearphishing Attachment

The file is an Excel document containing VBA macros, with both Auto_Open and Auto_Close macros detected. The presence of these macros, combined with the malicious verdict, strongly suggests that the VBA code is intended to execute malicious actions upon opening the document. The document body, formatted as a purchase order, serves as a lure to encourage users to open and interact with the malicious file. No specific IOCs were extracted, but the macro execution is the primary threat.

Heuristics 3

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • Auto_Close macro high OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
f44fae8265e2e74b26d5b538a408006a07a7ee06a99afa284006dbce706568e2
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 21945 bytes