Malicious Office (OLE) / .NET — malware analysis report

Static analysis result for SHA-256 ec609a33d08c9670…

MALICIOUS

Office (OLE) / .NET

74.5 KB
Created: 1998-05-18 04:18:50
Authoring application: Microsoft Excel
MD5: b9211e34d4a7774a1fb4e00c109e306e
SHA-1: a6ac3da8b66ab0e8e26b41b6a11f5b5d0c706906
SHA-256: ec609a33d08c96706df27ed3a7062101087f65c2d6a9e3c103f4dafdd725f6db
120 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic for Applications
  • T1566.001 Spearphishing Attachment

The critical ClamAV heuristic indicates the presence of the Doc.Macro.Laroux-5893719-0 malware. The Auto_Open macro heuristic confirms that malicious VBA code is present and designed to execute automatically when the document is opened. The document body presents a fake invoice to trick the user into enabling macros, a common social engineering tactic for macro-based malware.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
c48c0a9dbc442ae5512d626a24469f7b7ee11f749d91d2662abf60fc63343ceb
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1912 bytes