Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 e661a74ee7173cb7…

MALICIOUS

Office (OLE) / .DOC

Size: 98.5 KB
Created: 2010-02-05 19:07:00
Authoring application: Microsoft Word 10.0
MD5: 7756c8547ce2047d48129fb40f48e641
SHA-1: 1447b95d66c761f3e4be1fb924f6774ab728def2
SHA-256: e661a74ee7173cb78b41e2af78a9c658886a518d546e5d533db47c3f74af6f32
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic for Applications
  • T1566.001 Spearphishing Attachment

The sample is a Microsoft Word document containing a VBA macro, indicated by the OLE_VBA_MACROS heuristic. The presence of AutoOpen and Auto_Close macros suggests an attempt to automatically execute code upon opening or closing the document. The document body presents a 'Client REFERRAL AGREEMENT', a common lure to trick users into enabling macros. While no specific malicious URLs or scripts were extracted, the macro execution is the primary indicator of malicious intent, likely to download and execute a secondary payload.

Heuristics (3)

  • AutoOpen macro (high, OLE_VBA_AUTOOPEN)
    AutoOpen macro
  • Auto_Close macro (high, OLE_VBA_AUTOCLOSE)
    Auto_Close macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: macros.bas
    8dfd95711449b9ec1142651e34f49df7d7852628481a3a3e01f0b8829769dc39
    Kind: vba-macro
    Source: oletools.olevba.extract_macros (decoded VBA source)
    Size: 10280 bytes