Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 7904e73defa12c22…

MALICIOUS

Office (OLE) / .XLS

Size: 112.0 KB
Created: 2021-10-08 09:36:50
Authoring application: Microsoft Excel
MD5: 7c05adf036c6086367e8963e989ac6f8
SHA-1: 4c255ea7ba6e67add64061820561e6912a14d949
SHA-256: 7904e73defa12c220cdc04d059cfc8acf3ae96dad41c7bb26381f076f17004cf
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing VBA macros. The Auto_Open macro is present and uses a ScriptControl object to execute embedded JavaScript. The JavaScript code itself is not directly visible in the provided excerpt, but the VBA structure indicates it is designed to run arbitrary code. This suggests the macro's purpose is to download and execute a second-stage payload. The high-confidence heuristic for Auto_Open and the presence of VBA macros strongly support this attack pattern.

Heuristics (2)

  • Auto_Open macro | high | OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected | medium | OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (6de555a615006d9d7adb44182bc1b8a9616d1aff27b4d5ea256771bc0a3ed8ea) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1674 bytes