Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a62c683afa7adc5c…

MALICIOUS

Office (OLE)

Size: 65.5 KB
Created: 2007-01-18 11:44:10
Authoring application: Microsoft Excel
MD5: 843ffe36d421321239a12354b6c9cc73
SHA-1: 99a88b0f9158534d7a5e2e4bb5730613679bc9e6
SHA-256: a62c683afa7adc5cf69f418e9ad9fd2d976248282bdb036bfffa8343bc3293ff
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1546.003 Event Triggered Execution: Windows Management Instrumentation

The file is an Excel document containing VBA macros, specifically a Workbook_Open macro, which runs automatically when the workbook is opened and is a common technique for executing malicious code. The document body contains what appears to be a report with product details and a message in Russian, potentially to trick the user into opening the file. No specific IOCs were extracted, but the presence of the Workbook_Open macro strongly suggests malicious intent.

Heuristics 2

  • Workbook_Open macro (high, OLE_VBA_WBOPEN)
    Workbook_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (c67ea6647e160c65bf9c80a2b0c95143796045f5ada150b2361e58b4b3706fe2) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 11545 bytes