Office (OOXML) / .XLSX malware analysis — malicious · 17c930138e07b9df

MALICIOUS

Office (OOXML) / .XLSX

156.6 KB Created: 2021-03-03 07:51:04 UTC Authoring application: Microsoft Excel 16.0300

MD5: 15434fbb8043b1eadb39c2a07ae364fb SHA-1: 071d41d5c6197b0a12cb98c92bbae4fb80fc15ce SHA-256: 17c930138e07b9dfd0f66f5a42eb0c6608cb1d15cd6ff3f4b1d2a09a150cee49

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1203 Exploitation for Client Execution

The file contains an Excel 4.0 macro sheet, which is a strong indicator of malicious intent. The macro sheet likely contains code to download and execute a secondary payload, a common technique for initial execution and further compromise. The specific payload and its ultimate destination are not discernible from the provided evidence.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `7195951c08c959bfa2fe1435c071e342d8d9c0e25414a500162b896ab93a2ad4`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	22136 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.