Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 a908acf29dde8279…

MALICIOUS

Office (OLE) / .XLS

Size: 1.33 MB
Created: 2002-05-20 09:54:27
MD5: 6a5b15d9e6bb033e46489be8cdd09849
SHA-1: c67e28a3dc3bd24b3013ed445e961dac2bc40905
SHA-256: a908acf29dde8279b28c8b1b15892cf602a90a0d387b904176d63d7eac0203b9
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The presence of VBA macros, specifically an Auto_Open macro, indicates that the file is designed to execute code automatically when opened. While no specific URLs or commands were extracted, the high heuristic scores for VBA macros and Auto_Open suggest malicious intent, likely to download and execute a second-stage payload. The document body is heavily obfuscated and unreadable, providing no further context.

Heuristics 4

  • Auto_Open macro [high] OLE_VBA_AUTO
    Auto_Open macro
  • Auto_Close macro [high] OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (612d60a846a85d9d25969f25ec5677d39a7d2a469a05f7556d658017b1f0b192) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 32071 bytes