Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 deac4ba8621b7229…

MALICIOUS

Office (OLE) / .EXE

Size: 264.0 KB
Created: 1999-12-16 23:34:27
Authoring application: Microsoft Excel
MD5: 3421b531224417e9ae5c00801c7ca05d
SHA-1: dabf0f93371c0fad4d693f99adbecde8c8668c5f
SHA-256: deac4ba8621b7229a02c0bddb85f68d8efbc9e80d5d0ebefbef5a039cc26dffe
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The sample is an Excel OLE executable file that contains VBA macros. The presence of an Auto_Open macro indicates that malicious code will execute automatically upon opening the document. While no specific payload or network indicators were extracted, the technique itself is a well-established method for initial compromise. The file's structure and the Auto_Open heuristic strongly suggest a macro-based attack.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (9cf122ff60ffb81c7e5492062849e2b783219238e2e008dec166f7f0e41786a7) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1942 bytes