Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 d5c4606308369eb5…

MALICIOUS

Office (OLE)

60.0 KB
Created: 2000-01-11 21:41:00
Authoring application: Microsoft Word 8.0
MD5: 0cabda0db8e4b689467d3ad2911df144
SHA-1: 347064669f159f496594af55fb2256b277e45024
SHA-256: d5c4606308369eb5569293e9ab5e33bf138afcd67d8d6a2bb74616aee7b5336e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an OLE document containing VBA macros, including an AutoOpen macro. This indicates an attempt to execute malicious code automatically when the document is opened. The presence of a large VBA macro suggests it is likely designed to download and execute a secondary payload, a common technique for malware delivery. No specific family could be identified from the available evidence.

Heuristics 2

  • AutoOpen macro high OLE_VBA_AUTOOPEN
    AutoOpen macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
baa22eef5865124c75767b45cd6c77a00aadab746d11ace93b86f6d0e85d8a22
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 15536 bytes