Office (OLE) malware analysis — malicious · 5c3852b6911506ea

MALICIOUS

Office (OLE)

828.0 KB Created: 2020-07-06 14:05:22 Authoring application: Microsoft Excel First seen: 2020-07-24

MD5: c15f2994d996b0137f0287af7345ef26 SHA-1: 13e970b0361fa65a287fb21b2d65edba0ac2e62c SHA-256: 5c3852b6911506ea037ce9af7b393b99e4cb9b8a03e2cb0b0f0e9be52710fafa

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is an Excel 4.0 macro sheet, identified by heuristics indicating encrypted macros and an auto-open function. This suggests the file is designed to automatically execute malicious Excel 4.0 macros upon opening, a common technique for delivering secondary payloads. The lack of readable document body text or scripts makes it difficult to determine the exact payload or lure, but the presence of encrypted XLM macros points to a malicious intent.

Heuristics 2

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.