Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 80615a5587253827…

MALICIOUS

Office (OLE) / .XLS

Size: 53.5 KB
Created: 2010-08-09 00:56:21
Authoring application: Microsoft Excel
MD5: cf3562090a152543e8ff010d1e6002d1
SHA-1: 50af4c3515883c7cfb57b54cf93b44fec5148b40
SHA-256: 80615a5587253827555823bcd9c6229c4ac71aca14a8a3dafe838670a473911b
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1547.001 Registry Run Keys / Startup Folder

The file is an Excel spreadsheet containing a malicious VBA macro. The macro is designed to execute automatically upon opening and copies itself to the Excel startup directory as 'StartUp.xls'. It also registers itself to run automatically, likely to ensure persistence. The macro's intent is to establish a foothold on the system for further malicious activity.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro [high, OLE_VBA_AUTO]
    Auto_Open macro
  • VBA macros detected [medium, OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (9e8ce1401c4739b83f9e6a6842670f92d64e220d4214f18d0db5f915102b51a3) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1176 bytes