Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 27ae7df4d0d9827c…

MALICIOUS

Office (OOXML)

482.8 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 15.0300 First seen: 2020-12-28
MD5: e7f459e47091baa58a1fdfa7fd98dec0 SHA-1: 4500ff960776ab93a90f897e0449501b1a318f8f SHA-256: 27ae7df4d0d9827cdc91aa5abaab7de27ff586b6d38095ee7114e1aad57c3b64
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file containing Excel 4.0 macros, which are known to be used for malicious purposes. The presence of these macros suggests an attempt to execute arbitrary commands upon opening the document. No specific family could be identified from the available evidence.

Heuristics 1

  • Excel 4.0 macro sheet (2 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Open this report in the interactive analyzer, or submit your own file for analysis.