Office (OOXML) / .XLSX malware analysis — malicious · 601641cf64833e9b

MALICIOUS

Office (OOXML) / .XLSX

57.7 KB Created: 2015-06-05 18:19:34 UTC Authoring application: Microsoft Excel 16.0300

MD5: 2dd0ff05024dc3997b165ec9c9ddce1b SHA-1: 86b506fd349352d2b99583355a0f927154d2996d SHA-256: 601641cf64833e9b37fc39a6f309cf40f1bb08ab263a47e659914d9949d82b52

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel spreadsheet containing Excel 4.0 macros, identified by the OOXML_XLM_MACROSHEET heuristic. These macros are capable of executing arbitrary commands, which is a common technique for downloading and executing further malicious content. No specific family could be identified, and no direct IOCs like URLs or hashes were extracted from the macro content itself.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `2bfddc5b0137b0730940d694c77d1373b4a63180deeb96ed09e796b5e65818f1`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/intlsheet1.bin	1770 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.