Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 5e86f75810bf4a66…

MALICIOUS

Office (OLE) / .EXE

Size: 79.0 KB
Created: 1980-01-05 11:28:40
Authoring application: Microsoft Excel
MD5: c7d21e7316eba8d59b656109c6b4e4ed
SHA-1: b513c39cf5380083b23cd63052ae336b0daa2b1b
SHA-256: 5e86f75810bf4a6691fb09b5fa69e3575ff4f2bef55bf2eb36df46959c9c44bd
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is identified as a malicious Excel 5 macro-virus, specifically the Laroux family, due to the presence of an Auto_Open macro and associated markers. The VBA script attempts to save a file named 'VERA.XLS' to the application startup path, which is a common technique for malware persistence and execution of secondary payloads. The macro also manipulates sheet visibility and workbook properties, further indicating malicious intent.

Heuristics 3

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (severity: critical, rule: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    aaf0f2c5ef71321292f135f8ebb3bc4efdda9eeffd792d1b0fc9cc81863283f7
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 1943 bytes