Office (OOXML) / .XLSX malware analysis — malicious · 5cd3168aa6e2627e

MALICIOUS

Office (OOXML) / .XLSX

101.4 KB Created: 2020-11-16 23:27:24 UTC Authoring application: Microsoft Excel 16.0300

MD5: ea809c43430e72e29f98093e1ec6439c SHA-1: edb1e5387f63c478f33723131b6fb46a2e0d7305 SHA-256: 5cd3168aa6e2627e487e0683aeff2e369bc32a0ae1512aef80b0730de6396227

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is an Excel spreadsheet containing Excel 4.0 macros, indicated by the 'OOXML_XLM_MACROSHEET' heuristic. These macros are often used to download and execute malicious payloads, suggesting an initial access vector via spearphishing. The macro content is heavily truncated and obfuscated, preventing a more detailed analysis of its specific actions or the identification of a particular malware family.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `4a0b26cd8256bb551f0073d35dc9bd83b4b0d5b9ef9568ec92673ff05b220db1`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	95119 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.