Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 4f974e08c9c8eb7f…

MALICIOUS

Office (OOXML) / .XLSX

98.4 KB Created: 2021-10-27 10:31:49 UTC Authoring application: Microsoft Excel 12.0000
MD5: e6a5ad688b55b50758e1c0610ecf5487 SHA-1: abf6078a9f4295e3ba15f66e9a8dc561b39c9fcb SHA-256: 4f974e08c9c8eb7ff04d8aa4aecf7e9d60595a8c1cbdfac6a68eaf1283ec7a9b
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates the presence of Excel 4.0 macros within the XLSX file. While the macro content is truncated and heavily obfuscated, the presence of this type of macro sheet is strongly indicative of malicious intent, often used for initial payload delivery or execution. The primary function appears to be the execution of embedded macros.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
xlm_sheet_00.bin
559ed7659ae7f74dc315001734eb6b397374222f4083abd084c0300c3788284c		 xlm-macrosheet OOXML XLM macro sheet: xl/macrosheets/sheet1.bin 7374 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.