Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 9bbc73e7a3ff9e02…

MALICIOUS

Office (OOXML) / .XLSX

108.3 KB Created: 2021-08-16 09:36:27 UTC Authoring application: Microsoft Excel 12.0000
MD5: f96bb6ad94a93f11b7ee2573ca12fc59 SHA-1: e01514e7fc0bcc63740b54f63a2aeb3f75ed3e58 SHA-256: 9bbc73e7a3ff9e02bb72e6f4f1cbdddc0a479f9d76e68118b54a89ce478ca1cd
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates the presence of Excel 4.0 macros within the XLSX file. While the macro content is truncated and heavily obfuscated, the presence of these macros suggests an attempt to execute arbitrary code. The specific intent of the macro cannot be determined due to the truncated nature of the provided script content.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
xlm_sheet_00.bin
c6c3ed2971ba1136f37701448b7fdfce525342de45bf76f858efff9b0094145b		 xlm-macrosheet OOXML XLM macro sheet: xl/macrosheets/sheet1.bin 281264 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.