Office (OOXML) / .XLSX malware analysis — malicious · 65d6c6478fb75039

MALICIOUS

Office (OOXML) / .XLSX

251.6 KB Created: 2020-06-29 18:53:03 UTC Authoring application: Microsoft Excel 16.0300

MD5: 08b6718f28bd303f0b407e0ec0f30872 SHA-1: 824489d6a73609db8763172a2e9f2e9d9f7c63a4 SHA-256: 65d6c6478fb750394d0517f5ff77fa13dfd354dbbec4cff3ec9e897bf8e3e926

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel document containing Excel 4.0 macros, indicated by the OOXML_XLM_MACROSHEET heuristic. These macros are designed to execute arbitrary commands, a common technique for downloading and executing further malicious content. The specific commands within the macro sheet are truncated, preventing a more detailed analysis of the payload or specific IOCs.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `ee0ead20f16d3adf447edba8d08b3df8bb3f14df475d15ca237603aeb4a88d2f`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	93069 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.