Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 97d71c5a9409dbd4…

MALICIOUS

Office (OLE)

Size: 108.5 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: 35eefdbdd369f569ae24630ea988b2bf
SHA-1: 78742596e9c3ea15442ebab908724b6b7d8a4925
SHA-256: 97d71c5a9409dbd4f3a4b531534cdab3835f6edf240a5599c04c1fe54b036131
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic for Applications
  • T1566.001 Spearphishing Attachment

The file is an Excel document containing VBA macros, with a specific Auto_Open macro detected. The document body presents a work report, which is a common lure to trick users into enabling macros. The presence of the Auto_Open macro suggests an attempt to automatically execute malicious code upon opening the document, likely for downloading a second-stage payload. The ClamAV detection 'Doc.Macro.Laroux-5893719-0' further confirms its malicious nature.

Heuristics (3)

  • ClamAV: Doc.Macro.Laroux-5893719-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro [high] [OLE_VBA_AUTO]
    Auto_Open macro
  • VBA macros detected [medium] [OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    Hash: 95284a1df20d24141e74fc5f90bb5fe28ffce0cff038baeea25e9341411d06a3
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 5472 bytes