Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 91164696edc4efba…

MALICIOUS

Office (OOXML) / .XLSX

Size: 101.2 KB
Created: 2021-09-20 10:27:09 UTC
Authoring application: Microsoft Excel 12.0000
MD5: 19989ff08d6e0accb9d233f5477bb216
SHA-1: a7b9f2c08fceca215ab866f59269d416bc8f8f09
SHA-256: 91164696edc4efba635e5246a48693e8fd75db2eef8e06e354848365b9fead55
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing Excel 4.0 macros. These macros are often used to download and execute malicious payloads. The specific commands within the macro are heavily obfuscated and truncated, preventing a confident determination of the exact payload or delivery mechanism. No external IOCs were extracted.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) [critical] [OOXML_XLM_MACROSHEET]
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
          5834a0d2973a5e23d84b64ebb2861ec1ab90e817c3deb741e2f3ddb86ceeeed0
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 885 bytes