Office (OLE) / .XLS malware analysis — malicious · 894972d5708231fe

MALICIOUS

Office (OLE) / .XLS

187.0 KB Created: 2020-11-09 01:16:41 Authoring application: Microsoft Excel

MD5: d33e0d7ea7cb6f9cabbb392896c6f959 SHA-1: 1245d5ffe5797d652e4c854242635e46330a3a30 SHA-256: 894972d5708231fe96bb34a105a17b63781c389007aa7327e09e3a167a44cf3a

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel 4.0 macro sheet that is encrypted, which is a strong indicator of malicious intent. The presence of an 'AUTOOPEN' macro further suggests that the sheet is designed to execute automatically when opened. No specific URLs or executable payloads were extracted, limiting the ability to determine the exact nature of the attack.

Heuristics 2

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.