Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 a49bb6f6be5b597c…

MALICIOUS

Office (OLE) / .XLS

Size: 138.0 KB
Created: 2021-08-09 13:30:37
Authoring application: Microsoft Excel
First seen: 2022-02-22
MD5: 92a78894568e2e7869ef7ec454c52db3
SHA-1: 6987e216d2b7477f593569576babbb499aab2e94
SHA-256: a49bb6f6be5b597cd7ac592faa01f857060f3694c1bed69f8c8c0cc029b70069
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.005 Visual Basic

The file is an Excel spreadsheet containing a Workbook_Open VBA macro, a common technique for initiating malicious activity when the document is opened. The macro is heavily obfuscated, so its exact function is difficult to determine, but its presence and the heuristics that fired indicate a high likelihood of malicious intent. Because of the obfuscation, the specific payload or family cannot be determined with confidence.

Heuristics 2

  • Workbook_Open macro (high, OLE_VBA_WBOPEN)
    Workbook_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
6639e425194b1f02b211c9dba1fb727d98f625c81b6464eb045d5e1a94487019
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 137021 bytes