Office (OLE) / .XLSX malware analysis — malicious · a53c15066f0f6990

MALICIOUS

Office (OLE) / .XLSX

225.0 KB Created: 2020-09-20 23:05:47 Authoring application: Microsoft Excel

MD5: 52727c4dd231c8518698722aea0d510e SHA-1: 6974d8bfb87d8c6876b681e742a27722b8ab70cd SHA-256: a53c15066f0f69905a66b6d1eb49c59ea3dc26f5e43ea69fc0b6e5824ba65807

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an encrypted Excel 4.0 macro sheet, indicated by the OLE_XLM_ENCRYPTED_MACROSHEET and OLE_XLM_AUTOOPEN heuristics. The encrypted nature and lack of readable document body text suggest the primary purpose is to obfuscate the execution of malicious macros. Without further script content or network indicators, the exact payload and delivery mechanism remain unclear.

Heuristics 2

Encrypted Excel 4.0 macro sheet high OLE_XLM_ENCRYPTED_MACROSHEET

Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.