Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f3d212c5db0dd27e…

MALICIOUS

Office (OLE)

  • Size: 487.5 KB
  • Created: 2020-07-10 10:41:45
  • Authoring application: Microsoft Excel
  • First seen: 2020-09-15
  • MD5: 646d8359ec26e1c269f4c7941f6687cb
  • SHA-1: 6d7236322b7ad4b6b708a6197f6c0cb4b9ed9e78
  • SHA-256: f3d212c5db0dd27e3ab89df542dfea07249dc31d7ef769add18a655f15becef0
  • Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an encrypted Excel macro sheet; the encryption indicates malicious intent to hide its functionality. The heuristics that fired suggest it impersonates a document signing service, likely as a lure to entice the user to open and interact with the malicious content. The presence of an encrypted Excel 4.0 macro sheet points to the use of Visual Basic for execution.

Heuristics (3)

  • Encrypted Excel 4.0 macro sheet (high) OLE_XLM_ENCRYPTED_MACROSHEET
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (medium) OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
  • Document signing service impersonation lure (medium) SE_DOCUSIGN_LURE
    Document impersonates DocuSign, Adobe Sign, or a similar signing service in a signing-request context.