Office (OLE) / .XLS malware analysis — malicious · 76e038bfeed37652

MALICIOUS

Office (OLE) / .XLS

165.0 KB Created: 2014-03-03 23:01:47 Authoring application: Microsoft Excel

MD5: d84e77336ccedc4e48a9f2439b56ec18 SHA-1: 6a9d37726b8954dbb285be4595df17814d59e44c SHA-256: 76e038bfeed37652cbc02b18bec95f219acb57544dc20d2b185d033fb1b39bde

62 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1059.001 PowerShell

The presence of VBA macros and a CreateObject call strongly suggests the execution of malicious code. The embedded URLs are likely used to download and execute a second-stage payload. No document body text was available for analysis, so the specific lure cannot be determined.

Heuristics 3

CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — context-specific rules above attribute URLs they actually evaluated; this rule lists URLs that were present in the bytes but were not otherwise tied to a specific finding.
URL https://www.mercergimd.com/secure/product/vehicledetails.asp?1=
- https://www.mercergimd.com/secure/product/vehiclefees.asp?1=�
- https://www.mercergimd.com/secure/product/vehiclefees.asp?1=

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `0a8eead1e73287a691a458e8544cc5d487a2dd8df5b2fabb3641e002d8d4be20`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1908 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.