Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 a7823295726301f0…

MALICIOUS

Office (OLE) / .XLS

Size: 37.0 KB
Created: 2007-11-08 03:02:32
Authoring application: Microsoft Excel
MD5: 1fa48128632780813e152d533cdddfaa
SHA-1: b02f38375a4cc83f2951b9c9c865e3ef2589181b
SHA-256: a7823295726301f0d20df80e9d7391f94da788254cfeedc42d301c86e97dece5
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an Excel spreadsheet containing a VBA macro. The 'Auto_Open' macro indicates that the malicious code executes automatically when the document is opened. ClamAV detected this as 'Doc.Macro.Laroux-5893719-0', suggesting it belongs to a known macro-based malware family. The document body content is minimal and does not provide further clues on the specific lure.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
    b35f884f1ab3c6e6c1dbe2d6db716dba0e1ebba6f7c888a0fd88da628484a892
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1912 bytes