Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 a8bc0c87149687f7…

MALICIOUS

Office (OOXML) / .XLSX

Size: 65.4 KB
Created: 2021-10-27 10:31:49 UTC
Authoring application: Microsoft Excel 12.0000
MD5: 88a90ba05269dc5408937d421d107272
SHA-1: 6e35e5f9208257959d820bb69fd01798fd040f23
SHA-256: a8bc0c87149687f7d27e4c4aa6ed8afe4a18a6d1e958d237e11554485438d586
Risk Score: 60

Malware Insights

MITRE ATT&CK: T1059.005 (Visual Basic)

The file is identified as an Excel 4.0 macro sheet, which is a known technique for executing malicious code. The macro sheet contains obfuscated commands that are typical for initial execution and payload staging. Due to the nature of Excel 4.0 macros and the lack of specific indicators, the exact family cannot be determined, but the intent is clearly to run arbitrary commands.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) (severity: critical, rule: OOXML_XLM_MACROSHEET)
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
SHA-256: 460ec70ff6a81a69c26938d2aa953134616b4ebec0d654cbc42f7cab5af51245
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 6337 bytes