Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 79017f71b8e7be3c…

MALICIOUS

Office (OLE)

Size: 1.46 MB
Created: 2008-03-03 08:15:47
Authoring application: Microsoft Excel
MD5: 0b6319f27356d302bb95219c8582fcc3
SHA-1: 6133251514b4d9ce30bbdaf9806f48a25cba9a46
SHA-256: 79017f71b8e7be3cf71f35befff7b51436ab60b36df5a9fb92af0dd671db715e
Risk score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic
T1059.001 Command and Scripting Interpreter: PowerShell

The sample is classified as malicious because the workbook carries a legacy Excel 4.0 (XLM) macro sheet wired to an Auto_Open defined name, together with a string marker attributed to the 'XL4Poppy' family. An Auto_Open name makes Excel run the referenced macro sheet as soon as the workbook is opened with macros enabled, and XLM formulas such as CALL and EXEC can reach the Win32 API and launch processes, which is how such documents typically fetch and run a second-stage payload. Because this is a static verdict, the download-and-execute behaviour is inferred from the macro shape and the family marker rather than observed in execution. The visible sheet holds what appear to be financial or expense-related entries; these would serve as a lure to get a user to open the workbook and enable macros, or may simply be the original content of a legitimate spreadsheet that was later infected (see the macro-virus heuristic below).

Heuristics (2)

  • Excel 4.0 (XLM) Auto_Open + macro sheet [critical] OLE_XLM_AUTOOPEN
    The workbook defines an Auto_Open (or Auto_Close) name together with an Excel 4.0 macro sheet: the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot. The macro sheet is usually flagged hidden or very hidden so the user never sees it. Confirm the verdict by dumping the macro sheet's formulas (for example with olevba, or oledump.py with its BIFF plugin) and checking which cell the Auto_Open name resolves to, since old automation workbooks can carry the same name legitimately.
  • Legacy XLM macro-virus family marker [critical] OLE_XLM_LEGACY_MACRO_VIRUS
    The workbook contains an Excel 4.0 Auto_Open macro chain together with strings specific to a legacy XLM macro-virus family. This is a narrow indicator for workbooks infected by a self-replicating XLM virus rather than for ordinary formula use. Read together with the 2008 creation timestamp, it suggests the file may be a genuine spreadsheet that was infected rather than a purpose-built downloader; that distinction matters when judging whether the recipient was targeted or merely received an old infected file.
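The OLE_XLM_AUTOOPEN shape can be checked independently of the analyzer by walking the BIFF8 records of the workbook's "Workbook" stream: BOUNDSHEET8 records (0x0085) declare each sheet's type and hidden state, and Lbl records (0x0018) declare defined names, including the builtin Auto_Open id 0x01. The following Python is an added example written for this report, not the analyzer's own rule or code from the sample. It parses those two record types and flags a workbook that has both an XLM macro sheet and an Auto_Open name; the sample stream it builds is constructed inline (a visible "Expenses 2008" worksheet, a very-hidden "Macro1" macro sheet, a builtin Auto_Open scoped to sheet 2), and the file-level helper assumes the third-party olefile package is installed.

```python
"""Detect the XLM auto-execution shape (Auto_Open defined name + Excel 4.0 macro
sheet) in a BIFF8 'Workbook' stream.  Added example for this report; record
layouts follow [MS-XLS]: BOF 0x0809, BOUNDSHEET8 0x0085, Lbl 0x0018, EOF 0x000A."""
import struct

BOF, BOUNDSHEET, LBL, EOF = 0x0809, 0x0085, 0x0018, 0x000A
BUILTIN_AUTO_OPEN = 0x01  # builtin defined-name id for Auto_Open
SHEET_TYPE = {0x00: "worksheet", 0x01: "xlm_macro", 0x02: "chart", 0x06: "vba_module"}
SHEET_STATE = {0: "visible", 1: "hidden", 2: "very_hidden"}


def biff_records(stream):
    """Yield (record_type, body) from a BIFF record stream; stop cleanly on truncation."""
    off = 0
    while off + 4 <= len(stream):
        rtype, length = struct.unpack_from("<HH", stream, off)
        body = stream[off + 4: off + 4 + length]
        if len(body) < length:
            break  # truncated record: never read past the buffer
        yield rtype, body
        off += 4 + length


def read_unicode_string(buf, off, cch):
    """Decode an XLUnicodeString body: flag byte (bit0 = 16-bit chars) then cch characters."""
    high = buf[off] & 0x01
    off += 1
    if high:
        return buf[off: off + 2 * cch].decode("utf-16-le", "replace")
    return buf[off: off + cch].decode("latin-1")


def parse_boundsheet(body):
    """BOUNDSHEET8: lbPlyPos(4) grbit(2) cch(1) stName; grbit low bits = state, high byte = type."""
    _pos, grbit, cch = struct.unpack_from("<IHB", body, 0)
    return {"name": read_unicode_string(body, 7, cch),
            "state": SHEET_STATE.get(grbit & 0x03, "unknown"),
            "type": SHEET_TYPE.get((grbit >> 8) & 0xFF, "unknown")}


def parse_lbl(body):
    """Lbl: grbit(2) chKey(1) cch(1) cce(2) res(2) itab(2) res(4) Name rgce...; builtin names are 1 id byte."""
    grbit, _chkey, cch = struct.unpack_from("<HBB", body, 0)
    builtin, hidden = bool(grbit & 0x20), bool(grbit & 0x01)
    itab = struct.unpack_from("<H", body, 8)[0]  # 0 = workbook scope, else 1-based sheet index
    if builtin:
        code = body[15]  # flag byte at 14, builtin id at 15
        name = "Auto_Open" if code == BUILTIN_AUTO_OPEN else "builtin_%02x" % code
    else:
        name = read_unicode_string(body, 14, cch)
    return {"name": name, "builtin": builtin, "hidden": hidden, "itab": itab}


def detect_xlm_autoopen(stream):
    """Return a finding dict when an Auto_Open name coexists with an XLM macro sheet, else None."""
    sheets, names = [], []
    for rtype, body in biff_records(stream):
        if rtype == BOUNDSHEET:
            sheets.append(parse_boundsheet(body))
        elif rtype == LBL:
            names.append(parse_lbl(body))
    macro_sheets = [s for s in sheets if s["type"] == "xlm_macro"]
    # Excel fires any name whose text starts with Auto_Open (case-insensitive), builtin or typed.
    auto = [n for n in names if n["name"].lower().startswith("auto_open")]
    if not (macro_sheets and auto):
        return None
    return {"macro_sheets": [(s["name"], s["state"]) for s in macro_sheets],
            "auto_open_names": [(n["name"], n["itab"], n["hidden"]) for n in auto],
            "hidden_macro_sheet": any(s["state"] != "visible" for s in macro_sheets)}


def scan_xls_file(path):
    """Run the check on a .xls file; olefile is a third-party dependency assumed installed."""
    import olefile  # pip install olefile
    with olefile.OleFileIO(path) as ole:
        if ole.exists("Workbook"):  # BIFF8 stream name; BIFF5 'Book' uses older layouts
            return detect_xlm_autoopen(ole.openstream("Workbook").read())
    return None


# --- constructed sample stream (not the analysed file) ---------------------------
def _rec(rtype, body):
    return struct.pack("<HH", rtype, len(body)) + body

def _boundsheet(name, sheet_type, state):
    nm = name.encode("latin-1")
    return _rec(BOUNDSHEET, struct.pack("<IHB", 0, (sheet_type << 8) | state, len(nm)) + b"\x00" + nm)

def _lbl_builtin_auto_open(itab):
    # grbit 0x21 = fBuiltin | fHidden; cch=1; cce=0; reserved; itab; 4 reserved; flag; id
    return _rec(LBL, struct.pack("<HBBHHH", 0x21, 0, 1, 0, 0, itab) + b"\x00" * 4 + b"\x00" + bytes([BUILTIN_AUTO_OPEN]))

def _lbl_named(name, itab):
    nm = name.encode("latin-1")
    return _rec(LBL, struct.pack("<HBBHHH", 0x00, 0, len(nm), 0, 0, itab) + b"\x00" * 4 + b"\x00" + nm)

def build_sample_stream():
    return (_rec(BOF, b"\x00" * 16) + _boundsheet("Expenses 2008", 0x00, 0)
            + _boundsheet("Macro1", 0x01, 2) + _lbl_builtin_auto_open(itab=2) + _rec(EOF, b""))

def build_benign_stream():
    return _rec(BOF, b"\x00" * 16) + _boundsheet("Sheet1", 0x00, 0) + _rec(EOF, b"")


if __name__ == "__main__":
    print(detect_xlm_autoopen(build_sample_stream()))
```

The check deliberately stops at the record level: it reports which sheet the Auto_Open name is scoped to and whether the macro sheet is hidden, which is enough to triage, but a verdict still needs the macro sheet's formulas (CALL, EXEC, REGISTER, URLDownloadToFile-style chains) decoded by a full BIFF formula parser.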