Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 8c0f2f4e31e860b8…

MALICIOUS

Office (OLE) / .XLS

268.0 KB Authoring application: Microsoft Excel
MD5: 2e0bdd473f0eeb37d79de24ee4be11e7 SHA-1: f93398872471da62ce34cc8be4488d1088718855 SHA-256: 8c0f2f4e31e860b8ef9357cb3eabb5b73ade9c1b6eb34a0adbac9df33f9e6985
68 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The critical ClamAV heuristic identified the file as 'Xls.Dropper.Agent-1828470', indicating it functions as a dropper. Although the VBA project contains no executable statements, the file's classification strongly suggests it is intended to download and execute a second-stage payload. The presence of this dropper functionality points to a malicious intent to compromise the user's system.

Heuristics 2

  • ClamAV: Xls.Dropper.Agent-1828470 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.Agent-1828470
  • VBA project contains no executable statements low OLE_VBA_MACROS
    Document contains a VBA project, but extracted modules only contain attributes/options/comments and no executable statements.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
481031c20227961d1e7d207d0bb17c79a9001efbdb37ac509a4ff93acb047bf0		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 606 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.