Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 7244b1ff4c75dd52…

MALICIOUS

Office (OLE)

Size: 122.5 KB
Created: 2020-07-01 09:47:51
Authoring application: Microsoft Excel
First seen: 2020-07-24
MD5: ecbe835a3983ef99aab580bbf6039483
SHA-1: 6361a4bd007e34231c0174e1339d42c64dd039de
SHA-256: 7244b1ff4c75dd52dc0d4af98f767bdedc21a7830ea24e712d7abbc2cc23c2fe
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel 4.0 macro sheet that is encrypted, preventing further static analysis of its contents. The presence of XLM macros and the encryption suggest an attempt to hide malicious functionality, likely involving code execution or payload delivery.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high; rule: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium; rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.