Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 b7e622d1dc9b3ace…

MALICIOUS

Office (OLE) / .XLS

Size: 1.14 MB
Created: 2007-06-12 16:12:52
Authoring application: Microsoft Excel
MD5: 6f087e152dbf4b15e70e817b3386e166
SHA-1: 8d492444d91c04d8212e99a3d18d6938d63e190e
SHA-256: b7e622d1dc9b3ace406624b27e06347ea309b1bb2d75cdd30eed0f9de8f521dc
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an Excel spreadsheet containing a large VBA macro, triggered by the Auto_Open function. This indicates an attempt to execute malicious code upon opening the document. The ClamAV detection as 'Xls.Virus.Valyria-10004391-0' further confirms its malicious nature. The macro's likely purpose is to download and execute a secondary payload, a common technique for initial compromise.

Heuristics 3

  • ClamAV: Xls.Virus.Valyria-10004391-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Virus.Valyria-10004391-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
e538b19efeea4079cccb552f0d271cfd06e53dea0bbce6b4139c83fed4041abb
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 183634 bytes