Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f5e15c09a352e57d…

MALICIOUS

Office (OLE)

Size: 686.0 KB
Created: 2020-07-08 08:53:56
Authoring application: Microsoft Excel
First seen: 2020-09-07
MD5: c2daae9a4408aa0ea32ee3aad0ae03eb
SHA-1: cce84a759304c888ea48a0550ac3264ab62f0f61
SHA-256: f5e15c09a352e57ddd70e0548c99b42ee09b6ab21da5434680b62bc4593f7ddf
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file containing an encrypted Excel 4.0 macro sheet, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET and OLE_XLM_AUTOOPEN heuristics. The encrypted nature suggests an attempt to obfuscate malicious functionality, likely involving the execution of commands or downloading of additional payloads. No specific IOCs were extracted due to the encrypted nature of the macro sheet.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet [high] OLE_XLM_ENCRYPTED_MACROSHEET
    The workbook contains an Excel 4.0 macro sheet and a BIFF FILEPASS record indicating encryption. Password-protected XLM macro sheets, especially workbooks that rely on Excel's default password, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN
    The workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.