Malicious Office (OLE) / .BIN — malware analysis report

Static analysis result for SHA-256 b6abdc6818c5c24c…

MALICIOUS

Office (OLE) / .BIN

Size: 128.5 KB
MD5: 77120dd63d75765780055a81cdbddeea
SHA-1: adfaf22609ad0d2c892b8f606130461ad773c323
SHA-256: b6abdc6818c5c24c2013e03dac7d19f74543d7b6afe0684b14362f3cd3e9ca4c
Risk Score: 148

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1059.003 Windows Command Shell

The presence of VBA macros and a high-severity heuristic for clipboard command lures indicates that this document is designed to trick the user into executing commands. The 'SE_CLIPBOARD_COMMAND_LURE' heuristic specifically points to instructions that involve copying and pasting into a shell. The 'SC_STR_WSCRIPT' and 'OLE_VBA_CREATEOBJ' heuristics further suggest the use of Windows Script Host and object creation, common in macro-based malware delivery.

Heuristics (5)

  • SC_STR_WSCRIPT (high): Reference to Windows Script Host
  • OLE_VBA_CREATEOBJ (high): CreateObject call
  • SE_CLIPBOARD_COMMAND_LURE (high): Clipboard command execution lure
    Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
  • OLE_VBA_MACROS (medium): VBA macros detected
    Document contains VBA macro code
  • OLE_VBA_ENVIRON (low): Environ() call (env variable access)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: macros.bas (b4d9a8208396005c9ca376d787a75cc655fa13666fdc486dc0b8c6e7c8b39194)
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 39621 bytes