Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 93f5cb2c91d12817…

MALICIOUS

Office (OOXML) / .XLSX

Size: 614.5 KB
Created: 2021-10-10 18:55:08 UTC
Authoring application: Microsoft Excel 12.0000

MD5: 18662d6c1cc7c38c848608ff1a22964f
SHA-1: e12218f2b040d6cd680f88f7ab4e592b47af798b
SHA-256: 93f5cb2c91d12817661874b6b9c2880e16be1ba502c61e5b4bfba8e866aa4301

Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel document containing Excel 4.0 macros. These macros are known to be used for executing arbitrary commands, often to download and run additional malicious payloads. The specific commands within the macro sheet are heavily truncated and obfuscated, preventing a more detailed analysis of the execution flow or specific IOCs.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) [critical] [OOXML_XLM_MACROSHEET]
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
          8476a5510214d4a607cd8f8d42511d8b286b8588be205050a140747ac64949a1
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 1594275 bytes