Office (OOXML) / .XLSX malware analysis — malicious · 5ba4296e7d32c49a

MALICIOUS

Office (OOXML) / .XLSX

100.0 KB Created: 2020-11-16 23:27:24 UTC Authoring application: Microsoft Excel 16.0300

MD5: 00d477da802bf882fc4303b42432ae02 SHA-1: 09328d758aa706698b2cd0528236f32f3f1804ce SHA-256: 5ba4296e7d32c49aebffbb0dfcd9f48f1c5108c02bf75892237f88930ccf4b15

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1203 Exploitation for Client Execution

The critical heuristic firing indicates the presence of Excel 4.0 macros within the XLSX file. These macros are capable of executing arbitrary commands, a common technique for downloading and executing further malicious stages. The truncated script content prevents a more detailed analysis of the specific commands or URLs used.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `e96ac3abffdef07eb7af499e173c60406243eb731e7fdca322577ae27cf2d3b2`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	95119 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.