Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 778a436318f0d0cb…

MALICIOUS

Office (OLE)

134.5 KB
Created: 2004-02-11 11:43:51
Authoring application: Microsoft Excel
MD5: 4c6ae61afd05e456891977806354479a
SHA-1: 8fbf16620185c46f367700edc62ef621d855a58d
SHA-256: 778a436318f0d0cbdc84f883afba9434dab6b5a518e2f429807f117b40e962f9
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an Excel document containing a VBA macro with an Auto_Open subroutine, a common technique for executing malicious code when the document is opened. The heuristic hits and the presence of VBA macros strongly indicate malicious intent. The macro's obfuscated code suggests it is designed to download and execute a secondary payload, which aligns with the 'Doc.Trojan.Incendi-1' ClamAV detection.

Heuristics 3

  • ClamAV: Doc.Trojan.Incendi-1 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Trojan.Incendi-1
  • Auto_Open macro [high] [OLE_VBA_AUTO]
    Auto_Open macro
  • VBA macros detected [medium] [OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
  9e90768c37714375ca8676f242d706b9c597b3a6a51183c20a4f87f4858752c8
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 5493 bytes