Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 2dbe63d884a88240…

MALICIOUS

Office (OOXML) / .XLSX

Size: 135.9 KB
Created: 2021-08-16 09:36:27 UTC
Authoring application: Microsoft Excel 12.0000
MD5: 619042eb733c261e0a05d72cb8fd472e
SHA-1: 6d0995f4b9881f56d5f5e28d71cc9ff0b41e054e
SHA-256: 2dbe63d884a8824086009ae22311d1e8a2e51079b51599ee5d56e5b6c3f337e0
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates the presence of an Excel 4.0 macro sheet, which is often used to execute arbitrary commands. The macro sheet content is heavily truncated, preventing a more detailed analysis of its specific actions or payload delivery. However, the presence of such a macro sheet strongly suggests an attack pattern involving command execution.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) (severity: critical, rule: OOXML_XLM_MACROSHEET)
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename:  xlm_sheet_00.bin
SHA-256:   cbd5def4df04a07248732017c6b29ab5be9d78edb877129762c21e294410022f
Kind:      xlm-macrosheet
Source:    OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size:      620365 bytes