Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 ac8236c124fccb3b…

MALICIOUS

Office (OLE) / .XLS

Size: 90.0 KB
Created: 1998-09-29 01:52:48
Authoring application: Microsoft Excel
MD5: f5e3d9e542cf29a7621be3e7365a2045
SHA-1: 04b4a55fcdd9bdb05f54dc162e9e68d370d5390f
SHA-256: ac8236c124fccb3b9fad83212580b8c736612c24e5554a5e7d3bbb4d5538a20e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The presence of an Auto_Open VBA macro in an Excel spreadsheet indicates an attempt to automatically execute malicious code upon opening. The document body text, which appears to be Korean and relates to proofreading or corrections for May 2010, serves as a lure to encourage macro execution. The VBA macros are likely designed to download and execute a second-stage payload, although the specific actions are not detailed in the provided evidence.

Heuristics 2

  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          ce70d2e7d41fa8fb1e8ba5674d1cda70f1d1b298d498f8e381bb46e8637e5c83
Kind:     vba-macro
Source:   oletools.olevba.extract_macros (decoded VBA source)
Size:     3057 bytes