Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 d59a855bf4fe5d54…

MALICIOUS

Office (OLE) / .XLS

398.5 KB
Created: 2002-10-24 17:02:22
Authoring application: Microsoft Excel
MD5: c25ab33ecdcddbe57ce980bac75530c0
SHA-1: 452faf15c0d34e0fe89db174c0a3d60832fd53c6
SHA-256: d59a855bf4fe5d54d91211559f991ad2f7fe2691e0345dd44f04fd6168fa9084
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic for Applications
  • T1566.002 Spearphishing Attachment

The file is an Excel spreadsheet containing VBA macros, specifically a Workbook_Open macro, which is a common technique for initial execution. The document body presents a fabricated financial report, suggesting a social engineering lure to trick the user into enabling macros. No specific IOCs were extracted, and the macro content was not detailed enough to determine its exact payload or persistence mechanisms.

Heuristics 2

  • Workbook_Open macro high OLE_VBA_WBOPEN
    Workbook_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
592270ff08187ea6f61b1f76e3bfa9f2e9a7327bb4b92af596e98c48199a1e93
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 10196 bytes