Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 b02d88044c50d694…

MALICIOUS

Office (OOXML)

Size: 122.1 KB
Created: 2021-03-29 19:55:06 UTC
Authoring application: Microsoft Excel 16.0300
MD5: f41e29e685872c54729e8d7596923455
SHA-1: 0d71123ad3227651b93b7b3a5e55ae2395b24faa
SHA-256: b02d88044c50d694ea29d04d23729aeaf7d38ca8a4da0f502797068d3951d5d7
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Command and Scripting Interpreter: Visual Basic
  • T1203 Exploitation for Client Execution

The critical heuristic that fired indicates the presence of Excel 4.0 (XLM) macros, which are frequently used for malicious purposes. The truncated script content suggests it is designed to execute commands, most likely to download and execute a second-stage payload. Without further deobfuscation or the full script content, the exact malware family remains unknown.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) [critical] OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
SHA-256: 0d7587152bc0f528e5a96e63bf55d518f873054a6c56d73970556b76fed247db
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 94808 bytes