Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 fed429fe49d911c2…

MALICIOUS

Office (OLE) / .DOC

Size: 242.0 KB
Created: 2000-05-04 04:28:00
Authoring application: Microsoft Word 8.0
MD5: d9c9e21853414bda96207fdb354b46f0
SHA-1: c29c5e058a46125f64b5e221f30355b00155a625
SHA-256: fed429fe49d911c2cc11c9b7070ed89b3391802ef00790bc274974e91f79e139
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File
  • T1059.005 Visual Basic

The file is a Microsoft Word document containing VBA macros, specifically triggering AutoOpen and Auto_Close heuristics, indicating malicious intent. The document body discusses internal controls in state-owned commercial banks, which appears to be a lure to disguise the malicious nature of the file. No scripts were extracted, and no specific IOCs like URLs or hashes were found in the provided evidence, limiting the ability to determine the exact payload or family. The presence of AutoOpen and Auto_Close macros strongly suggests an attempt to execute malicious code upon opening or closing the document.

Heuristics 3

  • VBA macros detected (medium, 2 related findings) OLE_VBA_MACROS
    Document contains VBA macro code
  • AutoOpen macro (high) OLE_VBA_AUTOOPEN
    AutoOpen macro
  • Auto_Close macro (high) OLE_VBA_AUTOCLOSE
    Auto_Close macro

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (2db4823bd0272438abfc258a48ac78fd3bac89288395ea4f72642be69b3dbf80) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 28073 bytes