Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 7afea17a13f2dd18…

MALICIOUS

Office (OOXML) / .XLSX

Size: 358.1 KB
Created: 2021-08-16 09:36:27 UTC
Authoring application: Microsoft Excel 12.0000
MD5: dc0fd795acd135a66520283eecf4ad32
SHA-1: 7137dd36df75924cc1668e12e805429163673418
SHA-256: 7afea17a13f2dd18c6762a60738e47a4cf999965b444ae9a841b444e14ae72b4
Risk score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates the presence of Excel 4.0 (XLM) macros within the XLSX file. Such macros can execute arbitrary code and are commonly used to download and run additional malicious content. Because the extracted script content is truncated, the specific actions taken cannot be analysed in detail, but the presence of an XLM macro sheet is a strong indicator of malicious intent.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet) [critical] OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
SHA-256: 70edfd918f46a98a0301578a3a15b6e9bb1d2573440766c550d6d3b1a216a1cb
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 231186 bytes