Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 533fbf1f1912757f…

MALICIOUS

Office (OOXML)

Size: 293.4 KB
Created: 2021-06-07 17:09:28 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2021-06-28
MD5: 30fa8bb667f3304180ff32d2d50c899b
SHA-1: 3a6295ba8be899fbe1ef284ab4b5965837591823
SHA-256: 533fbf1f1912757f9a6829e1da25654d7010a40d86f4da619f023e03431cbc23
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file containing an Excel 4.0 macro sheet. This type of macro is frequently used to download and execute additional malicious content, often leading to further compromise. No specific family could be identified from the available evidence.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) | severity: critical | rule: OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.