Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 5f73bc5acef451e3…

MALICIOUS

Office (OLE) / .XLS

Size: 263.0 KB
Created: 2020-09-14 21:28:14
Authoring application: Microsoft Excel
MD5: fbf4b88e19f3ac104a7f217ec6c17253
SHA-1: 4f5f58f9b4765fe07341b29912e49311180973c6
SHA-256: 5f73bc5acef451e3b1af4be8fb0b0a24d701611cd4db99aad8ab54a5a289bcb2
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an encrypted Excel 4.0 macro sheet, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET and OLE_XLM_AUTOOPEN heuristics. This suggests the file was designed to be delivered as an attachment and execute malicious macros upon opening. No specific IOCs were extracted, and the document body was unreadable.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high; heuristic: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium; heuristic: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.