Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 c0767c6aedd84baf…

MALICIOUS

Office (OLE) / .XLS

3.92 MB Created: 2003-08-20 15:07:51 Authoring application: Microsoft Excel
MD5: 3dd3afceebdc23cdfb8977f1bc57cc9a SHA-1: d466b00fa7120df5d71b0d17eefdb4b7df2c687a SHA-256: c0767c6aedd84baf37f5d93985e0abe7182309f4c953038a5bb868fdecae8449
100 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.005 Visual Basic

The file is an Excel spreadsheet containing a large VBA macro. The presence of Workbook_Open and Auto_Open macros indicates that malicious code is designed to execute automatically when the file is opened. While no specific payload URLs or commands were extracted, the macro itself is the primary indicator of malicious activity, likely serving as a downloader or initial execution vector.

Heuristics 4

  • Workbook_Open macro high OLE_VBA_WBOPEN
    Workbook_Open macro
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.devguru.com/Technologies/xmldom/quickref/obj_node.html
    • http://schemas.openxmlformats.org/drawingml/2006/main

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
b62382a3b6ce7ffc3a91baf37a294e5b65b3e26c35ec9a9683883293b4df946e		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 179464 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.