Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 7d1ae87aa9c4905b…

MALICIOUS

Office (OLE)

23.5 KB Created: 2021-07-07 06:48:51 Authoring application: Microsoft Excel
MD5: eda1c8dc942d56f20c214fd832fe035c SHA-1: b7f6558b27519fdc566d9a18022eeb1da1b5537c SHA-256: 7d1ae87aa9c4905b7ae19cbcc3723231b15c62426ef771358b476ce136fcf1c7
62 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel document containing a VBA macro that is automatically executed upon opening. The Auto_Open macro calls DllInstall with a URL, indicating it is designed to download and execute a second-stage payload from the specified address. The reconstructed URL is http://185.140.53.164:4444/jefe/uploads/Excel.sct.

Heuristics 3

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://185.140.53.164:4444/jefe/uploads/Excel.sct

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
f6287c7d4af0ea73c2356f9084b24825bf1b81823ec623f636a597925f94cba1		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 2074 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.