Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 75f3ebbc82694d7e…

MALICIOUS

Office (OLE)

Size: 433.5 KB
Created: 2011-10-06 01:13:41
Authoring application: Microsoft Excel
First seen: 2015-02-17
MD5: 21da140231e2dd386f3a68ede4960e30
SHA-1: 72b47f5e9bf31d12f940f88a09e4087554b4d34b
SHA-256: 75f3ebbc82694d7eac147a16fccb396b27ddc4c5e68c8b6f1f45aa47f9d6ebd5
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1059.005 Visual Basic

The presence of both an Equation Editor OLE object and an Excel 4.0 macro sheet is a strong indicator of malicious intent, most likely an attempt to exploit a vulnerability for client execution. The macro sheet points to use of the legacy Excel 4.0 macro functionality, which can be leveraged for malicious purposes. No specific family could be identified from the available evidence.

Heuristics (2)

  • Equation Editor OLE object (severity: high, rule: OLE_EQUATION_EDITOR)
    Contains an Equation Editor object — related to CVE-2017-11882 / CVE-2018-0802 exploitation, but CLSID presence alone is not the malformed MTEF exploit primitive.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.