Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 6de25ca57c86190d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 344.9 KB
Created: 2021-08-16 09:36:27 UTC
Authoring application: Microsoft Excel 12.0000
MD5: 2ce295dcd3764b8618daeade78c6e6c4
SHA-1: 46045b4d9f509a83cedfafaa48a05c19f52249a4
SHA-256: 6de25ca57c86190d89f900b0d6c95bc5484102e46180f39c916e0f6b2ddca9f1
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file was identified as a malicious Excel file containing Excel 4.0 macros. These macros are often used to download and execute further stages of malware. The presence of XLM macros strongly suggests an initial access vector via spearphishing attachment.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
xlm_sheet_00.bin (618ec3746b1e098f8d84a780696b6783d12307163bd6c775616f541f544a5ec3) | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 247443 bytes