Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 f0a96f6ceeb57f32…

MALICIOUS

Office (OLE) / .DOC

Size: 60.0 KB
Created: 1995-08-25 20:54:00
Authoring application: Microsoft Word 8.0
MD5: 832670fb67e1b28015ec2d5b1f1b2284
SHA-1: a4046b7cc414d90e97399df3c15bff6b2e714b93
SHA-256: f0a96f6ceeb57f321cbb85a2496446ee98cbb61578d3e787dbca943bfc140649
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is a Microsoft Word document with a high-confidence detection for VBA macros, specifically triggering on AutoOpen and AutoClose macros. The document body presents itself as a 'SCAN Tool' to clean 'prank macros' but is designed to execute malicious VBA code upon opening. No specific IOCs like URLs or hashes were extracted, but the presence of AutoOpen and AutoClose macros indicates an attempt to execute malicious code automatically when the document is opened and potentially when it is closed.

Heuristics (3)

  • AutoOpen macro [high] OLE_VBA_AUTOOPEN
    AutoOpen macro
  • Auto_Close macro [high] OLE_VBA_AUTOCLOSE
    Auto_Close macro
  • VBA macros detected [medium] OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas (20afdc068e4249a05e1c393ad776b5413d5a933dcde6a89885b6f9486e5952c2)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 3842 bytes