Office (OLE) / .XLSX malware analysis — malicious · db597f3d10343752

MALICIOUS

Office (OLE) / .XLSX

1.62 MB Created: 2015-06-05 18:17:20 Authoring application: Microsoft Excel

MD5: e083530b402f27e209d62c7316fc84b2 SHA-1: 39f1b44f1ff5ad4e71120a3f038d2b5d76d01e8f SHA-256: db597f3d103437526caacd237f6845a693cdfd0205b494685b691c6b6e958fa6

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The sample is an Excel spreadsheet containing VBA macros. The heuristics indicate the presence of CreateObject and CallByName calls, commonly used for malicious purposes. The document explicitly instructs the user to enable macros, a social engineering lure to bypass security. No specific family could be identified, but the techniques suggest a macro-based downloader.

Heuristics 4

CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
CallByName call high OLE_VBA_CALLBYNAME

CallByName call
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Macro/content-enable lure medium SE_ENABLE_LURE

Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `b467d81e99f59c0059f5aaf05cf5899a6171053d06319f771455ab0e8e14aa93`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	3218 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.