Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 b6ea6ad725d48643…

MALICIOUS

Office (OOXML) / .XLSX

Size: 115.6 KB
Created: 2021-03-29 19:55:06 UTC
Authoring application: Microsoft Excel 16.0300
MD5: ea75b82c2b3a2b0a78c9ee10f3112349
SHA-1: 1793855d3648bed10874992022bb7babf9c763c7
SHA-256: b6ea6ad725d48643ec876eb412b2ff2ab8898a4e2a9029351c930ba35f87356a
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel workbook containing a single sheet that holds Excel 4.0 (XLM) macros. The heuristics flag the presence of these macros, which are commonly used to execute arbitrary commands or download further payloads. The macro content is heavily truncated and obfuscated, which prevents a detailed analysis of its specific actions and the reconstruction of any URLs or commands. The presence of Excel 4.0 macros is nonetheless a strong indicator of malicious intent.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet) [severity: critical] [rule: OOXML_XLM_MACROSHEET]
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
SHA-256: 0d7587152bc0f528e5a96e63bf55d518f873054a6c56d73970556b76fed247db
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 94808 bytes