Office (OLE) / .XLSX malware analysis — malicious · 9fe463279a56eac8

MALICIOUS

Office (OLE) / .XLSX

1.62 MB Created: 2015-06-05 18:17:20 Authoring application: Microsoft Excel

MD5: f57c4688bb94e317f3b25d80dcf6e275 SHA-1: bc19ced1d64f3549272ac96908e8528998f1037a SHA-256: 9fe463279a56eac8e91f320e2ce53ab1ed7b34f6608da3ce1e10c0147c9c61bd

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is an Excel spreadsheet containing VBA macros. A heuristic indicates the document instructs the user to enable macros, a common lure. The presence of CreateObject and CallByName calls within the VBA code suggests dynamic execution of commands or objects, typical for downloading and executing further stages. No specific family could be identified, and no IOCs were directly extracted from the document body or scripts.

Heuristics 4

CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
CallByName call high OLE_VBA_CALLBYNAME

CallByName call
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Macro/content-enable lure medium SE_ENABLE_LURE

Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `b467d81e99f59c0059f5aaf05cf5899a6171053d06319f771455ab0e8e14aa93`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	3218 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.