Office (OOXML) / .XLSX malware analysis — malicious · 1c5932f1fc2c9fa6

MALICIOUS

Office (OOXML) / .XLSX

86.2 KB Created: 2021-10-27 10:31:49 UTC Authoring application: Microsoft Excel 12.0000

MD5: e8169bbb6780b2930a0bb62d41c27ab5 SHA-1: 1f95154da6d14de9428b69f5a98476849b5a6107 SHA-256: 1c5932f1fc2c9fa668dae97cb02a5c4301b088e9b3dfd02d00599014a589fc30

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel 4.0 macro sheet, indicated by the OOXML_XLM_MACROSHEET heuristic. Excel 4.0 macros are capable of executing arbitrary commands, which is a common technique for downloading and executing further malicious payloads. The script content is heavily truncated and obfuscated, preventing a more detailed analysis of its specific actions or the reconstruction of any URLs or commands.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `5e1265f0d33f9cf1122596726bd9bc54411e207793629dc825eb2d43fb6e3e47`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	6998 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.