Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 ab0918b014bd81b3…

MALICIOUS

Office (OOXML) / .XLSX

Size: 108.5 KB
Created: 2021-09-08 10:16:58 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2021-09-17
MD5: cc064043229bad8f94a41de8a6ce8721
SHA-1: 8a7b7fe2bd557e4e7b8e1cd86bc0ba3f8ef33461
SHA-256: ab0918b014bd81b35ac4e11e74dcd68add1ca8318dde0a48139152627e6f3c03
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file contains Excel 4.0 macro sheets, which are known to be used for malicious purposes. The macros themselves are heavily obfuscated and do not contain directly executable commands or URLs. Therefore, the exact payload and delivery mechanism cannot be determined from the provided evidence.

Heuristics 1

  • Excel 4.0 macro sheet (2 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • Filename: xlm_sheet_00.bin
    2fde0336acd14cd42f58720df3de61875006fa6767a60c95a5bb6f116176c9c2
    Kind: xlm-macrosheet
    Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
    Size: 304 bytes
  • Filename: xlm_sheet_01.bin
    f6e36b6974edb0b1daa8a36471f60d66aeff276460b6fe07a31b2b36cc6df00a
    Kind: xlm-macrosheet
    Source: OOXML XLM macro sheet: xl/macrosheets/sheet2.bin
    Size: 912 bytes