Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 f6423251550ef4f9…

Verdict: MALICIOUS
File type: Office (OLE) / .DOC
Size: 87.0 KB
Created: 2009-02-23 06:25:00
Authoring application: Microsoft Word 8.0
MD5: 422440b550db19f1b522332dc59e8869
SHA-1: 1bbffda5b4f33f1aa6f75ece6d27b493f53e1c51
SHA-256: f6423251550ef4f9a2ab7f041f8c3678f254bb0eb787cec7c4ede90ece02b155
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The document contains VBA macros, specifically an Auto_Close macro, indicating malicious intent. The document body, written in Ukrainian and Russian, impersonates the Pension Fund of Ukraine and discusses pension payment adjustments for May-August 2010, requesting verification and corrections for September 2010. This pretext is likely designed to deceive the recipient into interacting with the malicious content. No specific IOCs were extracted beyond the presence of the macro.

Heuristics (2)

  • Auto_Close macro [high, OLE_VBA_AUTOCLOSE]
  • VBA macros detected [medium, OLE_VBA_MACROS]
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (81b136b462c865985aaff06376a7359cb61d13b4b87c1c8b328914f274ff8319) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1588 bytes