Office (OLE) / .PPT malware analysis — malicious · 896c68eb86e8ab5e

MALICIOUS

Office (OLE) / .PPT

57.0 KB Created: 2025-01-02 08:47:01 Authoring application: Microsoft Office PowerPoint First seen: 2026-03-13

MD5: 9ed0f98a04029e8e2a0bcc1c3e8b7897 SHA-1: d4bb7093904d880715bde14d5d284f4746346228 SHA-256: 896c68eb86e8ab5e7a6967a1d86c42e38b6dfb8c0bd57d5ee3549e2ac885a582

62 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1204.002 Malicious File

The presence of an Auto_Open VBA macro indicates that the malicious content will execute automatically when the PowerPoint file is opened. The macro attempts to open a URL which likely serves as a download location for a second-stage payload. The extracted URL is http://locaplayz.info/tihRiVEewMOgm6UN/fDPlz6QNjof30IVTzyMlLW261LZtf2kN3fFVrEmIP9byeiQX.pptm.

Heuristics 3

Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://locaplayz.info/tihRiVEewMOgm6UN/fDPlz6QNjof30IVTzyMlLW261LZtf2kN3fFVrEmIP9byeiQX.pptm�
- http://locaplayz.info/tihRiVEewMOgm6UN/fDPlz6QNjof30IVTzyMlLW261LZtf2kN3fFVrEmIP9byeiQX.pptm

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `71557a902d6b02b76e5caeea59a377345390b992f59ca06b274af576aad7d3ab`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	457 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.