Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 1aec14598dc1cf4b…

MALICIOUS

Office (OOXML) / .XLSX

119.5 KB Created: 2021-08-16 09:36:27 UTC Authoring application: Microsoft Excel 12.0000
MD5: b97d7a86848b28232c7cd7bad6463cab SHA-1: 7611b4ca4f41acca97a203e44af3c931dfac2cb3 SHA-256: 1aec14598dc1cf4b51ae211703872bff744d134c74d60f6accb8a6f8d7c01989
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel document containing Excel 4.0 macros, which are known to be used for malicious purposes. The macros are heavily obfuscated and truncated, preventing a detailed analysis of their specific actions. However, the presence of Excel 4.0 macros strongly suggests an intent to execute arbitrary commands.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
xlm_sheet_00.bin
59579b11126c6cc92ff43d2995b69965990b245dd9244e5a437c3eec2b03508d		 xlm-macrosheet OOXML XLM macro sheet: xl/macrosheets/sheet1.bin 441932 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.