Malicious Office (OLE) / .DOCX — malware analysis report

Static analysis result for SHA-256 be3e25c828f3fffb…

MALICIOUS

Office (OLE) / .DOCX

Size: 41.0 KB
Created: 2001-03-07 12:11:00
Authoring application: Microsoft Word 8.0
MD5: 40e03867f6d223d4305e82b17c49d49d
SHA-1: 7181768ae478be1749e96056419b859226f74626
SHA-256: be3e25c828f3fffb905476efde64fbb4aa92eac361ae9b552387087dce564b0b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample contains VBA macros, specifically an AutoOpen macro, which is a common delivery mechanism for malware. The script displays a deceptive message telling the user they are infected and threatening to lock their document unless they answer 'yes' to a question about being a student. If the user does not comply, the document is saved with the password 'Saya!'. This suggests a social engineering attack aimed at either coercing the user or encrypting their data.

Heuristics (2)

  • AutoOpen macro [high] OLE_VBA_AUTOOPEN
    AutoOpen macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1221 bytes
  4fb04de3dcab8ac2aff0984ae6e0f1b386af101069fc9327f8f56254d90f830f