Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 bd8e6932502ff66c…

MALICIOUS

Office (OLE) / .XLS

Size: 195.0 KB
Created: 2010-03-04 14:30:20
Authoring application: Microsoft Excel
MD5: 30ec36cf264840675d52ba89f23f0c25
SHA-1: 31c9abe7b536f27835f4439343b0a7245ce6420d
SHA-256: bd8e6932502ff66cabc1a3f1b4f5b993f28a1405e6062b91ba9cf113adc069e9
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic for Applications
  • T1059.001 PowerShell

The sample is an Excel file containing VBA macros, indicated by the OLE_VBA_MACROS heuristic. The DOC BODY text suggests a social engineering lure, presenting itself as a report corrector for financial documents and instructing the user to enable macros. The OLE_VBA_CREATEOBJ heuristic further confirms the presence of potentially malicious macro functionality. No specific IOCs like URLs or hashes were extracted, but the presence of macros and the social engineering pretext are strong indicators of malicious intent.

Heuristics 2

  • CreateObject call (severity: high, rule: OLE_VBA_CREATEOBJ)
    CreateObject call
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          9d7459e35a7792c61ea8973131142ce689143e08fd91209b446f5e2864d72a84
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 38433 bytes