Office (OOXML) / .XLSX malware analysis — malicious · a3a6e16caa656519

MALICIOUS

Office (OOXML) / .XLSX

188.8 KB Created: 2021-10-27 10:31:49 UTC Authoring application: Microsoft Excel 12.0000

MD5: 47cc92f9a5949b44ddedfd1af2c2aee8 SHA-1: 75e6c95288baedb3f8b718371e54154ea54c0bcc SHA-256: a3a6e16caa6565194d239d465eb2fb4c48974029c95cd39c96f5904bc4546406

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file containing a macro sheet, indicated by the OOXML_XLM_MACROSHEET heuristic. The embedded Excel 4.0 macro sheet, xlm_sheet_00.bin, likely executes commands upon opening. While the macro content is truncated, its presence and the heuristic strongly suggest an attack pattern involving macro execution. The specific commands or payloads are not fully discernible due to truncation.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `f24acda3d19ba80a80a8c7c7d58448c505b46aba94542740a4b7170da3547942`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	4477 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.