Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 1dd54e8f4ab2fbd7…

MALICIOUS

Office (OOXML) / .XLSX

75.1 KB
Created: 2021-10-27 10:31:49 UTC
Authoring application: Microsoft Excel 12.0000
MD5: a21cc04fca25b0497c91d8102a707dc0
SHA-1: d722495c22cec36322019030b24744b17af4163f
SHA-256: 1dd54e8f4ab2fbd7e0fa375b519888ed7a65064ce1a05b17dd48764942c36efb
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OOXML_XLM_MACROSHEET' indicates the presence of Excel 4.0 macros within the XLSX file. While the macro content is truncated and heavily obfuscated, this type of macro is commonly used to execute arbitrary commands or download and run further stages of malware. The file's verdict as malicious further supports this, suggesting the macros are intended for malicious execution.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
xlm_sheet_00.bin (a25be93153448be55f2bbcc0be573b1b6ccfa66e9f6d015450573568360607c7) | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 7277 bytes