Office (OLE) / .XLSX malware analysis — malicious · 698b96dbb804b4cb

MALICIOUS

Office (OLE) / .XLSX

120.5 KB Created: 2020-07-01 09:47:51 Authoring application: Microsoft Excel

MD5: e833a86e7f1bae9b1258248d5a393f04 SHA-1: 4d798a1d9f936931b9f386c3a05a87f2c071d155 SHA-256: 698b96dbb804b4cb879249648e033fbdb78597f3bd509fb85ff4811cc43dc6ef

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel spreadsheet containing encrypted Excel 4.0 macros, indicated by the 'OLE_XLM_ENCRYPTED_MACROSHEET' and 'OLE_XLM_AUTOOPEN' heuristic firings. The presence of these macros suggests an attempt to execute arbitrary code upon opening the document. No specific IOCs were extracted, and the document body was truncated, limiting further analysis.

Heuristics 2

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.