Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 288a974533053fff…

MALICIOUS

Office (OOXML) / .XLSX

Size: 107.0 KB
Created: 2021-03-29 19:55:06 UTC
Authoring application: Microsoft Excel 16.0300
MD5: 3f14b9b3f52fb2191ff0c5d28752baef
SHA-1: e69b2e4a8520f6dd259da79ad1566060d4515765
SHA-256: 288a974533053fff27fc936cd239c942ffb3ac6492e4b18ed16f6755fb02a4b1
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing a macro sheet, identified by the OOXML_XLM_MACROSHEET heuristic. The extracted macro sheet content is heavily truncated and obfuscated, making it impossible to determine the exact commands being executed or reconstruct any specific IOCs. However, the presence of Excel 4.0 macros strongly suggests an attempt to execute arbitrary commands upon opening the document.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  Filename: xlm_sheet_00.bin (0d7587152bc0f528e5a96e63bf55d518f873054a6c56d73970556b76fed247db)
  Kind: xlm-macrosheet
  Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
  Size: 94808 bytes