Malware Insights
This sample contains an embedded XLM macro sheet, which is indicative of an attempt to exploit legacy macro capabilities in Microsoft Office applications. The presence of the OOXML_XLM_MACROSHEET heuristic firing at critical severity suggests that this file leverages outdated scripting methods to achieve its objectives. Although specific URLs or IOCs were not extracted from the script content due to obfuscation, the pattern aligns with known attack vectors where such macros are used to initiate further stages of malware execution. Given these indicators, it's likely intended to perform actions like downloading additional payloads upon user interaction, though exact details remain obscured by the script's complexity.
Heuristics 1
-
Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEETSpreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
xlm_sheet_00.bin2ebd7eb3d79f738b60349d6fd2afe1c5e091c35c8ca695d02e49186f780918fe |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 4362 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.