Office (OOXML) / .XLSX malware analysis — malicious · 1a02a42a53a6427c

MALICIOUS

Office (OOXML) / .XLSX

136.8 KB Created: 2021-08-16 09:36:27 UTC Authoring application: Microsoft Excel 12.0000

MD5: 450f53d6b2a89bae9871791dc27569b4 SHA-1: dcdf52075d17aa83b4c001c733eacc5885e02a8e SHA-256: 1a02a42a53a6427cf7a22e2958514648751a3064995125bd74cef9a75a72bcf6

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file containing Excel 4.0 macros, indicated by the OOXML_XLM_MACROSHEET heuristic. While the macro content is truncated and heavily obfuscated, the presence of Excel 4.0 macros strongly suggests an attempt to execute arbitrary code, likely for malicious purposes such as downloading a second-stage payload. The exact functionality cannot be determined due to the truncated script.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `95e63c168ae930ed9aee7347124f1a0a7b977979497e941ad01a631d2c6019c3`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	630234 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.