Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 591ba92a2cf9e911…

MALICIOUS

Office (OLE) / .XLS

953.0 KB Created: 2021-09-23 20:43:06 Authoring application: Microsoft Macintosh Excel First seen: 2022-11-10
MD5: 15ea5c25a8cb630ec677aa0aee48a46a SHA-1: 5889110606419d528ce668c4c88ed149a4e07df4 SHA-256: 591ba92a2cf9e9110165c0a3bc3190487277ebba6334d5f39c06bb2024d1cdb0
82 Risk Score

Malware Insights

MITRE ATT&CK
T1204 Malicious Link T1204.001 Malicious Link: Malicious Link

The critical ClamAV detection and the presence of VBA macros indicate malicious intent. The VBA script explicitly creates a hyperlink to 'https://www.myonlinetraininghub.com/excel-hyperlink-buttons' and attempts to follow it, suggesting a lure to a potentially malicious website. The document body content is minimal and does not provide further context.

Heuristics 3

  • ClamAV: Xls.Downloader.be3e9999e42690c3-9978797-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.be3e9999e42690c3-9978797-0
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://www.myonlinetraininghub.com/excel-hyperlink-buttons

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
0dd46f15b87ac5d4fbb01f4ac5a60c4991dadeda79ec90ba5d029ff9fcf22da9		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1422 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.