Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 7abf613682d4e914…

MALICIOUS

Office (OLE) / .EXE

91.0 KB Created: 1998-10-07 21:03:04 Authoring application: Microsoft Excel
MD5: 8057ba160262a22235c8f84100414ccf SHA-1: d5794d192aabe75717a9917cb11ebda91b700ee9 SHA-256: 7abf613682d4e914b9510904a91e434d80d170b9b6edae73e4a5de6dbd939b59
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is an executable disguised as an Office file, containing VBA macros and specifically an Auto_Open macro. This indicates a likely attempt to deliver a malicious payload when the file is executed or opened. The presence of an Auto_Open macro is a strong indicator of malicious intent, commonly used to initiate further stages of an attack. No specific family could be identified from the available heuristics.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
c82f02d2577936e4269d0c18b9de73eb2a23a77459d476d75a9ba86840e6357a		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 2826 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.