Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 55a6292731b1f222…

MALICIOUS

Office (OLE) / .XLS

Size: 246.5 KB
Created: 1999-03-24 17:38:12
Authoring application: Microsoft Excel
MD5: 6c1064a7d25ac6d12e5f82379fc49d2d
SHA-1: fe33976efa6a97a4b2b61048872403fefe4908e1
SHA-256: 55a6292731b1f222b18ab59dc0fad8123c887fb96d57338e331708c5a7527558
100 Risk Score

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The presence of Auto_Open and Auto_Close macros strongly indicates malicious intent, likely to execute arbitrary code upon document interaction. The document body contains generic spreadsheet-related text, offering no specific lure. No other IOCs were extracted from the sample.

Heuristics 3

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • Auto_Close macro high OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (123f6d58c76a232a81e558ceb87151ed8f5a5d8dd38e5e2fbcea7a9ead98a80e) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 291372 bytes