Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 55a06694bb96ecc4…

MALICIOUS

Office (OLE) / .XLS

Size: 65.5 KB
Created: 2021-08-17 12:24:08
Authoring application: Microsoft Excel
MD5: fc131e1124ba38d0e89621a681b14a8a
SHA-1: e6bf064bf0264140dfd4056eeb92653765b68d2f
SHA-256: 55a06694bb96ecc422a7a6c731053b1ef5a35b5f5bac78752ca60b729cf7441f
Risk Score: 160

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File

The file is a macro-enabled Excel spreadsheet containing an Auto_Open macro. The macro uses MSScriptControl.ScriptControl to execute code embedded in the document's Subject and Comments properties. This technique is known for downloading and executing additional payloads. The heuristics that fired strongly indicate malicious activity, specifically leveraging CVE-2015-0097.

Heuristics 4

  • MSScriptControl.ScriptControl — CVE-2015-0097 [high] [CVE likely] [CVE_2015_0097_SC]
  • ClamAV: Xls.Downloader.MirrorBlast-f8f807074fc98734-9955046-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Downloader.MirrorBlast-f8f807074fc98734-9955046-0
  • Auto_Open macro [high] [OLE_VBA_AUTO]
  • VBA macros detected [medium] [OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          0278d22c57457c6ea65486c5e13f4b06bae683e9ef9fa360c905d1932da96848
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 862 bytes