Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 b95cbe0e0d4f4099…

MALICIOUS

Office (OLE)

Size: 728.5 KB
Created: 2020-05-26 18:46:28
Authoring application: Microsoft Excel
First seen: 2020-08-10
MD5: 8e2cd62688ea70faa10194ebb9c98bba
SHA-1: e5ff7b4897798e5c9aafdffa1120edf1dd3d85ad
SHA-256: b95cbe0e0d4f4099ab729c0e8f3d498679ad8ac831c9d72237d6eeebcfbe364f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The presence of an encrypted Excel 4.0 macro sheet (OLE_XLM_ENCRYPTED_MACROSHEET) indicates that the file is likely intended to run malicious macros. The auto-open heuristic further supports this, suggesting an attempt to execute code immediately upon opening the spreadsheet. The document body was truncated and unreadable, preventing further analysis of its specific lure.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet [high] OLE_XLM_ENCRYPTED_MACROSHEET
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.