Office (OLE) / .XLSX malware analysis — malicious · 9b4092bb8d0ce923

MALICIOUS

Office (OLE) / .XLSX

133.0 KB Created: 2020-07-01 09:47:51 Authoring application: Microsoft Excel

MD5: 9ed93b010c8adb3c2b698e64ef78f39f SHA-1: 920e5d6052977ca137a58323dacd0fc6384b40bb SHA-256: 9b4092bb8d0ce92346f980d9e4bd098bd0ca853beea2ef7dd5e9fbe1266c15b5

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The sample is identified as malicious by ClamAV with the signature Xls.Dropper.Agent-8515218-0. Static analysis revealed an encrypted Excel 4.0 macro sheet, which is a common technique for delivering malware. The presence of an auto-open macro further supports this. The document body was unreadable, but the heuristics strongly suggest a dropper functionality.

Heuristics 3

ClamAV: Xls.Dropper.Agent-8515218-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Agent-8515218-0
Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.