Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 bdfe2847ce26caad…

MALICIOUS

Office (OLE) / .XLS

Size: 71.5 KB
Created: 2020-04-23 08:50:03
Authoring application: Microsoft Excel
MD5: 243f76857b4856be833810ca08499129
SHA-1: d28fdfdf6fa4dfbadda9ef2a37c7166d0d4997ac
SHA-256: bdfe2847ce26caadddd779b4690763600f67f2f6b95dd69b0f8997fcc0aab84c
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1059.001 PowerShell

The file is an XLS document containing VBA macros, as indicated by the OLE_VBA_MACROS heuristic. The SC_STR_WSCRIPT and OLE_VBA_CREATEOBJ heuristics suggest that the macros are designed to execute external scripts or commands, likely leveraging Windows Script Host. The macros themselves are obfuscated, but the presence of these indicators points towards downloader or dropper functionality.

Heuristics 3

  • SC_STR_WSCRIPT (high): Reference to Windows Script Host
  • OLE_VBA_CREATEOBJ (high): CreateObject call
  • OLE_VBA_MACROS (medium): VBA macros detected. Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

  Filename: macros.bas
            0cb99f4cb7b5f3fecd61c90a3d048dbc81bcb2e4dc13020b064fdb641d452a91
  Kind:     vba-macro
  Source:   oletools.olevba.extract_macros (decoded VBA source)
  Size:     1199 bytes