Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 4c87d87e76d26faf…

MALICIOUS

Office (OOXML) / .XLSX

66.4 KB Created: 2021-10-27 10:31:49 UTC Authoring application: Microsoft Excel 12.0000
MD5: a242a5c20fe4c05880d3da94c3e11e60 SHA-1: 764dea5768952a35e712e9d8c136082f0438c145 SHA-256: 4c87d87e76d26faf07bdaa6d083ff78b638f31f21054e4acdcf24fdb1a9d5026
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates the presence of Excel 4.0 macros within an XLSX file. While the macro content is truncated, the presence of such macros is a strong indicator of malicious intent, often used to download and execute further stages of an attack. The file's metadata shows it was created with Microsoft Excel.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
xlm_sheet_00.bin
6879906f58b4eff1c294e180f16062bb5db6da8b0410f5636a3184d3429ed7b9		 xlm-macrosheet OOXML XLM macro sheet: xl/macrosheets/sheet1.bin 6669 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.