Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 aefe072f6e2a97ce…

MALICIOUS

Office (OLE) / .XLS

Size: 220.5 KB
Created: 2020-10-12 13:04:16
Authoring application: Microsoft Excel
MD5: 85aee3698a84f8c3472c59e68703b1b8
SHA-1: 1966a61827a3ea11b9e38971f04b48b4982a91ff
SHA-256: aefe072f6e2a97cea6333f017f48adb186ca552338c2c6fbbff77f84f4d0f4b7
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic for Applications
  • T1219 Remote Access Software

The file contains VBA macros, indicated by the OLE_VBA_MACROS heuristic. The OLE_VBA_GETOBJ heuristic suggests the macros are attempting to use the GetObject function, which can be abused to execute arbitrary code. The obfuscated nature of the extracted DOC BODY content, combined with the presence of VBA macros, strongly suggests the intent is to download and execute a secondary payload. Without further analysis of the macro code itself, the specific family remains unknown.

Heuristics (2)

  • GetObject call [high] OLE_VBA_GETOBJ
    GetObject call
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
  13e30700a93e1c1a1f9f176c73f499f1bb57161352e56fe511aaa2a6710c752e
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 2907 bytes