Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 9528ade7ffc1a6a4…

MALICIOUS

Office (OLE) / .XLS

Size: 198.5 KB
Created: 2019-06-03 01:31:10
Authoring application: Microsoft Excel
MD5: cbbed24ca30bbb3a728795fc08e8fa2a
SHA-1: 1e82d6782ba76b252f3b22885b8a6fcab7dac19c
SHA-256: 9528ade7ffc1a6a4f29c67f14699b560149ae871820481c3415eca999b0e5cc7
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The file is an Excel spreadsheet containing malicious VBA macros, as indicated by the OLE_VBA_MACROS and OLE_VBA_CREATEOBJ heuristics. The ClamAV detection 'Xls.Malware.Emeka-10012113-0' strongly suggests malicious intent. The document body presents itself as a payroll or benefits calculation, a common lure for social engineering. The VBA macros are likely responsible for executing the malicious payload, although the specific actions are not detailed in the provided heuristics.

Heuristics 3

  • ClamAV: Xls.Malware.Emeka-10012113-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Malware.Emeka-10012113-0
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (a14e9abef9c06ad41dfbd40d67286ff8660ecb0371a0dd9735402273d156ca9d) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 5637 bytes