Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 c6dfdc6bf20f4475…

MALICIOUS

Office (OLE) / .XLS

Size: 5.67 MB
Created: 1997-07-30 15:09:21
Authoring application: Microsoft Excel
MD5: c4a1127d10adb27973338cbe4c7dcb09
SHA-1: b4577f2e6c65863adc6f3f6519bb5863621dbee9
SHA-256: c6dfdc6bf20f4475aaff3c8018800c58658fdfedd119e6350acdb55bcb29e306
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an Excel spreadsheet containing a large VBA macro that is triggered by the Workbook_Open event. This indicates an attempt to execute malicious code automatically when the document is opened. While the document body contains what appears to be product listings, the presence and type of the macro strongly suggest malicious intent, likely to deliver a secondary payload or perform other harmful actions. No specific family could be identified due to the lack of further script analysis.

Heuristics (3)

  • Workbook_Open macro (severity: high, rule: OLE_VBA_WBOPEN)
    Workbook_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    aa205c981ff714fb44848533c3710a6873d9bca3e1b504e0379439ee76c88b6f
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 72950 bytes