Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 77c5417acc71fa3b…

MALICIOUS

Office (OLE)

Size: 368.0 KB
Created: 2011-10-26 00:34:37
Authoring application: Microsoft Excel
First seen: 2015-09-30
MD5: 97e6f0b1cc4b23e1e567e4b106f30310
SHA-1: e99debaa8f3be0c143bfb3582779e86a6617d7a6
SHA-256: 77c5417acc71fa3b8131bc4c9cb1cfc27e7801ef5cd2c88fa646acffb48374a2
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Command and Scripting Interpreter: Visual Basic
  • T1203 Exploitation for Client Execution

The presence of an Excel 4.0 macro sheet with an 'auto_open' function, combined with a heuristic firing for Windows Script Host, strongly suggests the execution of malicious code. The macro is likely designed to download and execute a secondary payload, a common technique for initial compromise.

Heuristics (2)

  • Reference to Windows Script Host (severity: high, rule: SC_STR_WSCRIPT)
    The document contains a reference to Windows Script Host.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.