Malicious Office (OLE) / .PPT — malware analysis report

Static analysis result for SHA-256 8de6b3a314465c3e…

MALICIOUS

Office (OLE) / .PPT

Size: 81.5 KB
Created: 2021-07-18 18:49:40
Authoring application: Microsoft Office PowerPoint
MD5: 68ab9216c057c5e387de71cb9403acaa
SHA-1: bf50b907ef74d6935b167de25d5d26ac12259e13
SHA-256: 8de6b3a314465c3ed99905e234510ababc26621ed1170f3a1a3c98533cda3165
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The presence of an Auto_Open macro and references to CreateProcess indicate malicious intent. The VBA script constructs a URL from embedded strings and appears to download and execute a second-stage payload. The obfuscated nature of the script and lack of specific indicators prevent definitive family attribution.

Heuristics 3

  • Reference to CreateProcess API (high, SC_STR_CREATEPROCESS)
  • Auto_Open macro (high, OLE_VBA_AUTO)
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (054f3da76ee293c8e53d11712de84ade7ab1b34222b2af185983e09822c3b5e7) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 5647 bytes