MALICIOUS
148
Risk Score
Malware Insights
MITRE ATT&CK
T1059.003 Windows Command Shell
T1059.001 PowerShell
The sample contains VBA macros, indicated by the OLE_VBA_MACROS heuristic. A high-severity heuristic, SE_CLIPBOARD_COMMAND_LURE, flags that the document explicitly instructs the user to copy and paste content into a command-line execution context. This is further supported by the OLE_VBA_GETOBJ heuristic, suggesting the use of GetObject to potentially execute commands. No specific malware family could be identified, but the overall pattern suggests a downloader or initial execution stage.
Heuristics 5
-
GetObject call high OLE_VBA_GETOBJGetObject call
-
Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LUREDocument tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
-
Suspicious extracted artifact high EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
VBA macros detected medium OLE_VBA_MACROSDocument contains VBA macro code
-
Environ() call (env variable access) low OLE_VBA_ENVIRONEnviron() call (env variable access)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.basf2dba5d37c8d7f31f42cec43fd2bbb5f61dc2b08f8cda6083a219317f4cf5c48 |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 30768 bytes |
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 26 Chr/ChrW string-construction calls.
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.