Office (OOXML) / .XLSX malware analysis — malicious · 1690d539f5b27c4b

MALICIOUS

Office (OOXML) / .XLSX

105.6 KB Created: 2021-03-29 19:55:06 UTC Authoring application: Microsoft Excel 16.0300

MD5: 1bfa86eb70539c7b10c54ce81474379e SHA-1: 245131e2ed10b29bfeace6e8dc0449530269868b SHA-256: 1690d539f5b27c4bf8d0a988aac7c27bd7a0d1c86d01c253ec713962e4baf3cd

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1203 Exploitation for Client Execution

The file is an Excel spreadsheet containing Excel 4.0 macros, which is a known technique for executing malicious code. The macros are heavily obfuscated and truncated, but the presence of the 'XL M' macro sheet heuristic indicates the potential for arbitrary command execution. This suggests the file is likely a downloader or dropper for a second-stage payload.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `0d7587152bc0f528e5a96e63bf55d518f873054a6c56d73970556b76fed247db`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	94808 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.