Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 2d470a0183ea3f4f…

MALICIOUS

Office (OOXML) / .XLSX

93.4 KB Created: 2021-10-27 10:31:49 UTC Authoring application: Microsoft Excel 12.0000
MD5: 37091567b0901d3896fa7ef82ea571bb SHA-1: 610b9d2c6a07f01fab0e0fa13377c3ebfa3bc7a8 SHA-256: 2d470a0183ea3f4f3c62fbd66ec3f22d474a731b98ff9286c1984365541c3549
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file containing Excel 4.0 macros. The heuristic firing indicates the presence of these macros, which are often used to execute arbitrary commands or download further malicious payloads. The script content is heavily truncated and obfuscated, preventing a detailed analysis of its specific actions or any IOCs it might contain.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
xlm_sheet_00.bin
a7464f990123b60a32e72f4c6d7ca11a3a18a084c211fc046f8b4cd46e47be2d		 xlm-macrosheet OOXML XLM macro sheet: xl/macrosheets/sheet1.bin 4534 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.