Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 617b85bbb3d9c627…

MALICIOUS

Office (OLE)

690.0 KB Created: 2020-07-08 08:53:56 Authoring application: Microsoft Excel First seen: 2020-07-24
MD5: 720a5d88e66d53347ac4318371258379 SHA-1: 160be83ca612a9da4ee8c0f445e2c12dc6b4e19e SHA-256: 617b85bbb3d9c6278c69d899fc91a06f5b843e0db503da23eed661af3626754c
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file identified as containing an encrypted Excel 4.0 macro sheet. This type of macro is often used to download and execute malicious payloads. The presence of an encrypted macro sheet and the 'AUTOOPEN' heuristic strongly suggest malicious intent, likely involving the execution of arbitrary code.

Heuristics 2

  • Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.