Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 34b7091e57e91881…

MALICIOUS

Office (OOXML) / .XLSX

320.3 KB Created: 2021-08-16 09:36:27 UTC Authoring application: Microsoft Excel 12.0000
MD5: fadd22bf47bd1d1323d2eee65d469429 SHA-1: dd61e188a11a7c9addf97ca12ccdfcf45064297d SHA-256: 34b7091e57e91881530b0fee7a73e9cbcbfb32acffab0edfe1ef6f617b9b298a
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates the presence of Excel 4.0 macros within the XLSX file. While the macro content is truncated and heavily obfuscated, the presence of such macros is a strong indicator of malicious intent, likely to download and execute a secondary payload or perform other harmful actions. The specific commands or URLs are not discernible from the provided excerpt.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
xlm_sheet_00.bin
1f45b5740e85569d97f8a7f7b26727f561ac24bc0ceb146a129a46ef79c2223f		 xlm-macrosheet OOXML XLM macro sheet: xl/macrosheets/sheet1.bin 414650 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.