Malicious Office (OLE) / .XLSX — malware analysis report

Static analysis result for SHA-256 c0c746d73e4b8e18…

MALICIOUS

Office (OLE) / .XLSX

Size: 264.0 KB
Created: 2015-06-05 18:17:20
Authoring application: Microsoft Excel
MD5: e0fdb850a97ed61899254f0f0f427dbb
SHA-1: 82cfee3931e9f2eda64c2cd22f79ef388e3c3c66
SHA-256: c0c746d73e4b8e18f1dd69906d6a260bab00f57cb8532855db0f09c668fb3d8b
Risk Score: 128

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File

The file contains VBA macros, indicated by the OLE_VBA_MACROS heuristic. The SE_INVOICE_LURE heuristic suggests a social engineering pretext related to invoices or payments. The SC_STR_SHELLEXEC and OLE_VBA_CREATEOBJ heuristics indicate that the macros likely attempt to execute external commands or scripts, a common technique for downloading and running further malicious payloads.

Heuristics (5)

  • Reference to ShellExecute API (high, SC_STR_SHELLEXEC)
    Reference to ShellExecute API
  • CreateObject call (high, OLE_VBA_CREATEOBJ)
    CreateObject call
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code
  • Suspicious extracted artifact (medium, EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Fake invoice / payment lure (low, SE_INVOICE_LURE)
    Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas (6bfdb91d1cc89994901e46205bbfc77e0e2b2813dfedd83118d10634e92a2d22)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1314 bytes

Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 shell/COM execution token(s).