MALICIOUS
Risk Score: 60
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.005 Visual Basic
The critical heuristic firing indicates the presence of Excel 4.0 macros within the XLSX file. These macros are designed to execute arbitrary commands, a common technique for initial access. The truncated script content prevents a more detailed analysis of the specific payload or command execution.
Heuristics (1)
- Excel 4.0 macro sheet (1 sheet(s)) | severity: critical | OOXML_XLM_MACROSHEET
  Spreadsheet contains an Excel 4.0 (XLM) macro sheet. XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| xlm_sheet_00.bin (d9ca0b15194145922a6098e534b0880555c1cab83960d1c2030c0e2e38f4c433) | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 95119 bytes |
Preview script: first 1,000 lines of the extracted script
... (truncated)