Office (OLE) / .XLSX malware analysis — malicious · 61e00423cf49a6bc

MALICIOUS

Office (OLE) / .XLSX

158.5 KB Created: 2021-11-16 23:08:37 Authoring application: Microsoft Excel

MD5: 1978f242101424ad0307c3f088da9113 SHA-1: cb0abc0e80fab5627ebe287f02a2c06886765242 SHA-256: 61e00423cf49a6bc2c39bede7adb6f1e710f38f31e2f47de1d1d8cfa7d40ce02

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel spreadsheet containing encrypted Excel 4.0 macros, indicated by the 'OLE_XLM_ENCRYPTED_MACROSHEET' and 'OLE_XLM_AUTOOPEN' heuristic firings. This strongly suggests the file is intended to execute malicious code when opened, likely for further exploitation or payload delivery.

Heuristics 2

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.