Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 a0b5052b505511a4…

MALICIOUS

Office (OLE) / .DOC

Size: 42.5 KB
Created: 1996-09-02 18:42:00
Authoring application: Microsoft Word 8.0
MD5: 3944b47f076d29d147c44124606dc999
SHA-1: 2fa09e9b625fef02fcec8c4af25e59d6cae0eb97
SHA-256: a0b5052b505511a451059be86370e6c12bd9c8e53ee5848fc06c037175aee72e
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is a Microsoft Word document containing VBA macros, with both AutoOpen and Auto_Close macros detected. The presence of these macros, combined with the 'malicious' verdict, strongly suggests an attack pattern involving macro-based execution of arbitrary code. No specific family could be identified from the available evidence.

Heuristics 3

  • AutoOpen macro (high): OLE_VBA_AUTOOPEN
    AutoOpen macro
  • Auto_Close macro (high): OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected (medium): OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (b352c5d9453f2eaa0f2ef881a5923d066de264da0c8078d41bdd1e8c72c86b02)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 2279 bytes