Malicious Office (OLE) / .XLSX — malware analysis report

Static analysis result for SHA-256 dfae46a2c8083b6c…

MALICIOUS

Office (OLE) / .XLSX

Size: 277.0 KB
Created: 2006-09-16 00:00:00
Authoring application: Microsoft Excel
MD5: 1ce9bb4784ef70cd5d09291a5005ab51
SHA-1: f4c3e4d7be3e6855c0272b0c2f3a2833bd6963a1
SHA-256: dfae46a2c8083b6cf4f91691289ca97cbcc002126058a2900f09564edccffdfb
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications
T1204.002 Malicious File

The sample contains an Excel 4.0 macro sheet, which is a strong indicator of malicious intent. The document body contains obfuscated text that reconstructs to a URL ('http://akoneckotechnology.com/netmons.dll') and a DLL filename ('netmons.dll'). This suggests the macro is designed to download and execute a second-stage payload from the specified URL. The heuristic firings confirm the presence of macro-enablement lures and impersonation of a document signing service to trick the user into running the malicious content.

Heuristics (3)

  • Excel 4.0 (XLM) macro sheet present (medium, OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
  • Macro/content-enable lure (medium, SE_ENABLE_LURE)
    Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
  • Document signing service impersonation lure (medium, SE_DOCUSIGN_LURE)
    Document impersonates DocuSign, Adobe Sign, or a similar signing service in a signing-request context