Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 6af7313668c07a22…

MALICIOUS

Office (OLE) / .XLS

Size: 246.0 KB
Created: 2020-09-14 21:28:14
Authoring application: Microsoft Excel
MD5: 33f3c2831524d5749a84003a98d593fc
SHA-1: 098e2525d05f61e6ad42e886517e5db0f3c8641b
SHA-256: 6af7313668c07a22521619be4d558355c3ccf296c2ea5d3b81c7c5ddfad0bc9f
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an encrypted Excel 4.0 macro sheet, which is a strong indicator of malicious intent. The presence of an 'AUTOOPEN' macro suggests that the malicious code executes automatically upon opening the document. This technique is commonly used for initial access through spearphishing attachments.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high, rule: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.