Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 80d931d0b91e8c6f…

MALICIOUS

Office (OLE)

85.0 KB Created: 2015-06-05 18:17:20 Authoring application: Microsoft Excel
MD5: ab3b96bafd4a387be0f03317d218d14f SHA-1: 769bf624ef5c8d5502ccca0c2c2b5aea0641f455 SHA-256: 80d931d0b91e8c6f24cb1e4b7f343432f6d25c649105e4cf9e9947230c110d45
100 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1203 Exploitation for Client Execution

The sample is an Excel file containing VBA macros. The macros utilize `CreateObject` and `ShellExecute` to run commands, indicating an attempt to download and execute a secondary payload. The specific command executed is obfuscated but involves concatenating strings to form the arguments for `ShellExecute`.

Heuristics 3

  • Reference to ShellExecute API high SC_STR_SHELLEXEC
    Reference to ShellExecute API
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
0c2b428942c411ee568727bd4b8b26db19be04b700e1e52b93345cf638fb43da		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1532 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.