Office (OOXML) / .XLSX malware analysis — malicious · 169731ae6417687f

MALICIOUS

Office (OOXML) / .XLSX

346.3 KB Created: 2021-08-16 09:36:27 UTC Authoring application: Microsoft Excel 12.0000

MD5: 54d630ddbaab05a9e11dab752a9f459c SHA-1: de7170516a40dd7bfd56bbfae65dcc62dc16f3c7 SHA-256: 169731ae6417687fea6bc9253b52a04c248b435abeaaf70e93a1d70a3af3cdd5

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1203 Exploitation for Client Execution

The critical heuristic firing indicates the presence of Excel 4.0 macros within the XLSX file. These macros are known to be used for executing arbitrary commands, often to download and run further malicious stages. While the specific commands are truncated, the presence of XLM macros strongly suggests an attack pattern focused on initial execution and payload delivery.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `99f032451edfccb63fee8200e97dccd4d842a81bcfbbb6b72a11fcab401e2c7f`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	258451 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.