Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 5573f897e63b4acc…

MALICIOUS

Office (OLE) / .XLS

Size: 49.5 KB
Created: 2021-10-05 06:46:58
MD5: cf24411fb8167a9e217ba80c2eb29aea
SHA-1: 0ce703e17e9ad29fb5eb398cd564acc79f0ce08c
SHA-256: 5573f897e63b4acc883fabb0974b495278d84aa3edba1c335c0bd8e8a5c639d1
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing VBA macros. The critical ClamAV heuristic indicates it is known malware (Win.Malware.Agent-9899780-0). The VBA code is heavily obfuscated, which makes the exact payload difficult to determine, but the presence of macros and the malware detection strongly suggest the file is designed to execute malicious actions. The script's intent appears to be obfuscated code execution; the specific actions are not clearly discernible.

Heuristics 2

  • ClamAV: Win.Malware.Agent-9899780-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Malware.Agent-9899780-0
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          922893c22985eeb178dc840f948aaf7a3639580ab1ed0473e7651fc8e9bf98df
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 2087 bytes