Office (OOXML) / .XLSX malware analysis — malicious · 366532fd52e4c2f7

MALICIOUS

Office (OOXML) / .XLSX

188.8 KB Created: 2021-10-27 10:31:49 UTC Authoring application: Microsoft Excel 12.0000

MD5: 9011ec4dfa5460d9cb8f53391a1714b1 SHA-1: c04791b05426191da97a7ceacc838058b3325901 SHA-256: 366532fd52e4c2f726847c0d6169c9163f98e1d47784de8b307cc5eb555aad17

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic 'OOXML_XLM_MACROSHEET' indicates the presence of Excel 4.0 macros. While the macro content is truncated, this type of macro is commonly used to download and execute arbitrary code. The file's verdict as malicious supports this assessment.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `a8e4587cf737106c60937d73ede3a82084106aac2e5d2c88e52707497da862bb`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	4697 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.