Verdict: MALICIOUS
Risk Score: 60
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1203 Exploitation for Client Execution
The file is an Excel document containing Excel 4.0 macros, as indicated by the 'OOXML_XLM_MACROSHEET' heuristic. These macros are designed to execute arbitrary code, a common technique for downloading and executing further malicious payloads. The specific commands within the macros are heavily obfuscated, preventing a confident identification of the exact payload or C2 infrastructure.
Heuristics 1
Excel 4.0 macro sheet (3 sheet(s)) | critical | OOXML_XLM_MACROSHEET
Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| emf_00.emf ab58818ae1864807b22f8a58a75f7fa8703ecb19a2352bdb47469f366b868e59 | ooxml-emf | OOXML EMF part: xl/media/image2.emf | 1108 bytes |
| xlm_sheet_00.bin 7ba8c7dae215c3d653270796d8570b3810c64068590cf64325562d684e829370 | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 1340 bytes |
| xlm_sheet_01.bin cb1f1a0b36df7c5b1ecd6c45b74a2d4711b2827f0ee30f82c9df4f6bc63e617f | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet2.bin | 1509 bytes |
| xlm_sheet_02.bin ab6060707b634032a9e28cdf4014bbeee5441e8ba06b1724bdb26e4c68089d59 | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet3.bin | 1296 bytes |