Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 5e797fe41b7dd2c6…

MALICIOUS

Office (OOXML) / .XLSX

66.7 KB Created: 2021-03-15 18:25:06 UTC Authoring application: Microsoft Excel 16.0300
MD5: f2fd69d006d954bb4c81c7258a97eb7d SHA-1: b1b3b29d140d76e070de8ffef81d17239417800c SHA-256: 5e797fe41b7dd2c6328bf6173a97fca3d88fbf39dca38ef7a861c50d00d81302
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates the presence of Excel 4.0 macros within the XLSX file. These macros are designed to execute arbitrary code, likely to download and run a secondary payload. The truncated script content prevents a more detailed analysis of the specific actions taken.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
xlm_sheet_00.bin
a6d259d760d9a30e97f19886c8ae43799d6d6cf89947d3582e05198c4779b855		 xlm-macrosheet OOXML XLM macro sheet: xl/macrosheets/sheet1.bin 94320 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.