Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 b18915cbc0b494b3…

MALICIOUS

Office (OLE) / .XLS

Size: 1.57 MB
Created: 2002-05-20 09:54:27
MD5: 1bd30b5914fed23b39dcbc2ef39c31f1
SHA-1: e9b98b48c2eb137ee9b329986ed9ae691d741d7b
SHA-256: b18915cbc0b494b3489f7987c9bf71add7aac47be84daf2f4c7189a201f17f8c
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The sample is an OLE Excel file with high-severity heuristics indicating the presence of VBA macros, specifically an Auto_Open macro. This suggests the file is designed to automatically execute malicious code when opened. While no specific URLs or scripts were directly extractable for detailed analysis, the presence of Auto_Open strongly implies malicious intent, likely to download and execute a second-stage payload.

Heuristics 4

  • Auto_Open macro [high] OLE_VBA_AUTO
    Auto_Open macro
  • Auto_Close macro [high] OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    484b70d2ba4a7b30681f12fe6ddbe0f56be89738e2e5e066d9aaeddb560b4212
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 32011 bytes