Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 a1bbbb1401cdb71d…

MALICIOUS

Office (OLE) / .EXE

58.0 KB Created: 1999-05-19 12:20:57 Authoring application: Microsoft Excel
MD5: df651725a53413071624958abb459449 SHA-1: 89282cbb623be09d778d89264817a24b03f7270f SHA-256: a1bbbb1401cdb71dd717dc9de1eafb2ef3c82f696c34178a202aa2e68a07c5a9
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.005 Visual Basic

The file is an Excel OLE document containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening the document. The presence of the Auto_Open macro strongly suggests an attempt to automatically run malicious code, likely for further payload delivery or system compromise. No specific IOCs were extracted beyond the macro itself.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
a71ef0395326bec0423bd8cb7da4a2b03736916ce85efe10425b99c15e6fa562		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 4332 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.