Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 62097f835b56b682…

MALICIOUS

Office (OOXML) / .XLSX

Size: 83.8 KB
Created: 2021-03-14 21:03:54 UTC
Authoring application: Microsoft Excel 16.0300
MD5: 77b0cb5fb406009144bcb9b666bb3950
SHA-1: 223ea9127e7816e3079917cfa05745d4131fc0fd
SHA-256: 62097f835b56b682447edc2cf3b5c92fcd1a609d0c96031dc934f2d77e2e4f5e
Risk score: 60

Malware Insights

MITRE ATT&CK: T1059.005 Visual Basic

The file is an Excel spreadsheet containing Excel 4.0 macros. The macros are heavily obfuscated but appear to be designed to execute arbitrary commands, likely to download and run a second-stage payload. Further analysis of the macro content is required to determine the exact execution flow and potential IOCs.

Heuristics (1)

  • [critical] OOXML_XLM_MACROSHEET: Excel 4.0 macro sheet (1 sheet(s))
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet. XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
SHA-256: f1897ccb5cf177d76efa4c1af4c8f850d0b2f2e999f7edfc0f09629ade8c4c9c
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 92099 bytes