Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 bdf75e7908ef1f94…

MALICIOUS

Office (OLE) / .XLS

3.44 MB Created: 2007-12-30 02:30:50 Authoring application: Microsoft Excel
MD5: 13ed70a5d29cfd8f04d613c1ccd8581f SHA-1: 0d702e30350f090ff378b587c9eee0f02538e707 SHA-256: bdf75e7908ef1f944e7bebeb840be975af2d10aca68cf88b48f4d0784a143570
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1566.002 Spearphishing Attachment

The file is an Excel spreadsheet containing VBA macros, specifically an Auto_Close macro, which is a common technique for executing malicious code upon file closure. The presence of VBA macros and the Auto_Close heuristic strongly suggest an attack pattern involving macro-based execution. While the document body appears to be financial or administrative in nature, the heuristics indicate malicious intent. The VBA macros are likely responsible for downloading and executing a second-stage payload.

Heuristics 2

  • Auto_Close macro high OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
3d06ca70c5cf3893cdd98d4aabce2c4ce46bd0071644b0209d5e7da86a9fac6c		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 2467 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.