Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 c596ed1189641b3c…

MALICIOUS

Office (OLE)

Size: 126.5 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: cc90c7a9088c127a650ae5b3725708c0
SHA-1: 2cd62dde1809ce9e30f6ab553077fe1e445c7020
SHA-256: c596ed1189641b3cfa5b7e56917caf1d4abf544db297d8bf536486eed73dd5bd
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an Office document containing VBA macros, specifically an Auto_Open macro, which is a common technique for initial execution. ClamAV detected this as 'Doc.Macro.Laroux-5893719-0', indicating a known macro-based threat. The document body presents a work report template, likely intended to trick the user into enabling macros to view or complete the report, thereby triggering the malicious script. No specific family could be identified, but the execution flow is consistent with a macro-based downloader.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: macros.bas (e9801bef61dd481a32b4da851c61331e9e6c79fb13eeeca6f8304240cb334267)
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 1567 bytes