Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 e5b269678cb4f11b…

MALICIOUS

Office (OLE) / .XLS

Size: 1.47 MB
Created: 2007-10-22 13:39:51
Authoring application: Microsoft Macintosh Excel
MD5: fb825085d4bf3ef12b291b9577e2e63d
SHA-1: e3db10692914b67ad48a590be278f6e62eb251d7
SHA-256: e5b269678cb4f11bc83afe40596925393c65d43e199a0d3a18d0e1055012c924
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.005 Visual Basic

The file is an Excel spreadsheet containing a Workbook_Open VBA macro, indicating it's designed to execute code upon opening. The macro source is substantial (33899 bytes), suggesting complex functionality. While no specific URLs or further script details were extracted, the presence of the Workbook_Open event strongly suggests an attempt to download and execute a secondary payload, a common technique for initial access and further infection.

Heuristics 2

  • Workbook_Open macro high OLE_VBA_WBOPEN
    Workbook_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (bc34b3bc5db94ba137e2d9ed082014b14f4fbcf3f81071f32225bff5a78a6568)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 33899 bytes