Office (OOXML) / .XLSX malware analysis — malicious · 7b62f7bc2e4bb9eb

MALICIOUS

Office (OOXML) / .XLSX

171.3 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 15.0300 First seen: 2020-12-28

MD5: 44824a7c484eff5169eb5ae7611430cb SHA-1: e81052f196952bacb61e903f3516a3bc06d9559a SHA-256: 7b62f7bc2e4bb9ebe761c507f0b23ecd47bd606ff2f3bfdcd02e43f2115601a1

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file identified as malicious, containing Excel 4.0 macros. The macros are stored under a disguised path within the OOXML package, indicating an attempt to hide their presence. This suggests the file is designed to execute arbitrary commands or download further malicious content.

Heuristics 2

Excel 4.0 macro sheet (1 sheet(s)) critical 1 related finding OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
Excel 4.0 macro sheet stored under disguised package path critical OOXML_XLM_DISGUISED_RELATIONSHIP

OOXML package declares an xlMacrosheet relationship whose target is outside the canonical xl/macrosheets/ path. Excel follows the relationship type, while path-only scanners can miss the macro execution surface.

Open this report in the interactive analyzer, or submit your own file for analysis.