Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 bfbcce0ab66f5584…

MALICIOUS

Office (OLE)

Size: 353.0 KB
Created: 2020-07-21 07:21:33
Authoring application: Microsoft Excel
First seen: 2020-09-07
MD5: b330204347e8876fb282ecd57c95f1bc
SHA-1: 68956424fc8edf5b2f434dcb6d31e6ed7b34e183
SHA-256: bfbcce0ab66f55841e87d1516190c7199ab5b1f2dda3c2c3792f4f08eb973fa2
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel 4.0 macro sheet, identified as encrypted and containing an auto-open macro. This indicates the file is designed to execute malicious code automatically upon opening. The lack of readable document body text or scripts makes it difficult to determine the exact payload or final objective, but the presence of XLM macros strongly suggests an execution vector.

Heuristics 2

  • Encrypted Excel 4.0 macro sheet (severity: high, rule: OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.