Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 810b669d19151df1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 344.8 KB
Created: 2021-08-16 09:36:27 UTC
Authoring application: Microsoft Excel 12.0000
MD5: d2a8d53a7f4ff5f2a8fecf44dbb8c92e
SHA-1: f2427e6b2efae30133fc2e2225aca7446ccf4cb7
SHA-256: 810b669d19151df1461804da5057fe57f355369adf5770b0b5022ee82317dc54
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel document containing Excel 4.0 macros, indicated by the OOXML_XLM_MACROSHEET heuristic. These macros are typically used to execute arbitrary code or download additional payloads. No specific URLs or further script details were extracted due to truncation, limiting the ability to identify a specific family or more detailed IOCs.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin (9ec52668d4baad371f6d63f843a8720ed16017506ad84c3db8d5f32c8622dcd1)
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 221749 bytes