Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 6d61361f45d2b4ba…

MALICIOUS

Office (OOXML)

293.4 KB Created: 2021-06-07 17:09:28 UTC Authoring application: Microsoft Excel 16.0300 First seen: 2021-06-17
MD5: 47f686b8ae13095c6bf796ffadc22434 SHA-1: 06f18abf336bbf6059db2dd404a5c8ff48e98bc3 SHA-256: 6d61361f45d2b4ba33b6ca1327c13c6107cbda6d7aab99f11ec302df51a0ed26
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file containing Excel 4.0 macros, which are known to be used for malicious purposes. The presence of these macros suggests an attempt to execute arbitrary commands upon opening the document. No specific family could be identified from the available evidence.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Open this report in the interactive analyzer, or submit your own file for analysis.