Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 6955788e3c573a40…

MALICIOUS

Office (OLE)

Size: 1.32 MB
Created: 2014-05-06 06:56:25
Authoring application: Microsoft Excel
First seen: 2015-09-17
MD5: 1dcafbf76f01351299a66ca18814bcf0
SHA-1: 73b27e76ebe94f1cec236ff935d4e35fd6c012d9
SHA-256: 6955788e3c573a40ce2e14b09dbdbc4e1cabb2fefa807f5b31efc0b85cbdea6a
Risk Score: 102

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.005 Visual Basic
T1203 Exploitation for Client Execution

The file is an Excel document that attempts to lure the user into enabling macros by claiming this is necessary to view an image, a common social engineering tactic in malicious documents. Although the VBA macros could not be extracted, the presence of references to the ShellExecute and URLDownloadToFile APIs suggests the document is designed to download and execute a secondary payload. The specific malware family is unknown because the VBA could not be extracted.

Heuristics (3)

  • Reference to URLDownloadToFile API (severity: critical, rule: SC_STR_URLDOWNLOAD)
    The document contains a reference to the URLDownloadToFile API.
  • Reference to ShellExecute API (severity: high, rule: SC_STR_SHELLEXEC)
    The document contains a reference to the ShellExecute API.
  • Unsupported Office format for VBA extraction (severity: info, rule: OFFICE_FORMAT_UNSUPPORTED)
    The analyzer could not extract VBA macros: the document may be legacy, encrypted or malformed.