Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 95e5faf4983f2204…

MALICIOUS

Office (OLE) / .XLS

Size: 604.0 KB
Created: 2024-05-17 02:48:43
Authoring application: Microsoft Excel
MD5: 7d8f27e38a00020b6af52f2b94a12e00
SHA-1: db0e735ad5b257419d4c95a78236bdb2708ed29a
SHA-256: 95e5faf4983f22048aacd9c3eb8ca8893b62db6eb5752251231b888a2fc2d4fc
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic
  • T1059.001 PowerShell

The file is an Excel spreadsheet containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening. The document body presents financial data, likely as a lure to trick the user into enabling macros. The presence of an Auto_Open macro strongly suggests the intent is to download and execute a secondary payload. ClamAV detection further confirms its malicious nature.

Heuristics 3

  • ClamAV: Xls.Virus.Valyria-10004391-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Virus.Valyria-10004391-0
  • Auto_Open macro [high] [OLE_VBA_AUTO]
    Auto_Open macro
  • VBA macros detected [medium] [OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (5849204f154b168b0ee8208761ee7482e84a0e6e27530c6656a1cc2b412caf03) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 2363 bytes