Office (OOXML) / .XLSX malware analysis — malicious · 89b7f39fb7a0c774

MALICIOUS

Office (OOXML) / .XLSX

249.3 KB Created: 2021-04-13 11:33:03 UTC Authoring application: Microsoft Excel 16.0300

MD5: 6099fd6bb0b51b4eaeb02f7169a2b072 SHA-1: 179e6c3a18f9ead886f22c0df2b383e9161662dd SHA-256: 89b7f39fb7a0c7742e90a19bd5c6bbae275b48b6de9f0a1e120ba5b6615263ab

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel spreadsheet containing a macro sheet, as indicated by the OOXML_XLM_MACROSHEET heuristic. The extracted macro sheet content, though truncated, suggests it is designed to download and execute a secondary payload. The specific macro sheet filename 'xlm_sheet_00.bin' is included as an IOC.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `5d275605156cb7656c8a2298260709f173e7147da35dbd3a62e54c4956258c63`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	2549 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.