Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 c18325fae9a258d4…

MALICIOUS

Office (OLE) / .EXE

Size: 36.0 KB
Created: 1998-05-15 14:20:02
Authoring application: Microsoft Excel
MD5: b16cbf26f1b5460087513547314b79b0
SHA-1: 53a00452726ad355497db9cd4493107b9bc2695d
SHA-256: c18325fae9a258d46ad5c0adccfc7019b5de665515db4a7eff44ed9ec6f9c357
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an OLE executable containing VBA macros, including an Auto_Open macro. This indicates a likely attempt to deliver a malicious payload through an Office document, leveraging the Auto_Open function to execute code immediately upon opening. No specific IOCs were extracted, but the presence of the Auto_Open macro is a strong indicator of malicious intent.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
    fe036ef30908a8b682972d59265c44f33401ed322cd749e4aeaf96f3448ae3e7
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1902 bytes