Office (OOXML) / .XLSX malware analysis — malicious · 1dd723cf63fe6090

MALICIOUS

Office (OOXML) / .XLSX

369.9 KB Created: 2021-08-16 09:36:27 UTC Authoring application: Microsoft Excel 12.0000

MD5: 06d007383acde9729a038d9a4facecc2 SHA-1: f4bba2c2ea0e0724c58dc389c84628fb90516403 SHA-256: 1dd723cf63fe60909317aba4a9e2bcd9f47a320c3176bac30f1e6a0d5fdf7d57

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel spreadsheet containing Excel 4.0 macros. These macros are known to be used for malicious purposes, such as executing arbitrary commands or downloading further payloads. The specific macro content was truncated, preventing a more detailed analysis of its exact behavior or the identification of specific IOCs.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `c30ef0a9a134bd22b234b3c9c5161a5ac767c7f3a090f9dac14f77cd9f6ec01d`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	599482 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.