MALICIOUS
60
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
The file contains Excel 4.0 macros, indicated by the OOXML_XLM_MACROSHEET heuristic. These macros are designed to execute arbitrary commands, which is a common technique for initial payload delivery or system compromise. No specific family could be identified due to the generic nature of the macro execution.
Heuristics 1
-
Excel 4.0 macro sheet (4 sheet(s)) critical OOXML_XLM_MACROSHEETSpreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
emf_00.emf36bcdb650f3335661fd30903e4ddbb92ac947513ed380f203fccc03424ff9fe4 |
ooxml-emf | OOXML EMF part: xl/media/image1.emf | 6145428 bytes |
xlm_sheet_00.binf1742fd16c856f9807dfef814db1a95a026c9385f3b6f3d0d46b9e1691880802 |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/intlsheet1.bin | 1712 bytes |
xlm_sheet_01.bin1fb711494105af21495bc746f7ea6283199b97f3b4e60185c156b19fd07525b7 |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/intlsheet2.bin | 792 bytes |
xlm_sheet_02.binf0a9425b8507f47d4bffbfc9986e6f77a1eec5a7b094745fec3307154c314949 |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 402 bytes |
xlm_sheet_03.bin7b780847888f3179b9a2306b1d9dd4b22d991fb4b1641b18d3184a5b6ac9038f |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet2.bin | 322 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.