Malicious Office (OLE) / .XLSX — malware analysis report

Static analysis result for SHA-256 0ff0692939044528…

MALICIOUS

Office (OLE) / .XLSX

Size: 94.5 KB
Created: 2020-04-01 11:48:22
Authoring application: Microsoft Excel
First seen: 2022-08-04
MD5: fb5ed444ddc37d748639f624397cff2a
SHA-1: 3c1a4c0744203d2d08a23f4a9de10a1b593e7763
SHA-256: 0ff0692939044528e396512689cbb6ccee6d4ef14712b27c1efd832a00e24818
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is an Excel 4.0 macro sheet that is encrypted, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET heuristic. The presence of an AutoOpen macro (OLE_XLM_AUTOOPEN) suggests that the malicious code is designed to execute automatically upon opening the document. The document body is heavily corrupted and unreadable, preventing further analysis of its specific lure or payload.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (severity: high, OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.