Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 bde22e8f266802df…

MALICIOUS

Office (OOXML) / .XLSX

Size: 97.7 KB
Created: 2021-03-29 19:56:22 UTC
Authoring application: Microsoft Excel 16.0300
MD5: 0388857d11a7ffcb521b1f6388524e3b
SHA-1: fc5a75dab922c9146baa30343304b40dbb19ef2f
SHA-256: bde22e8f266802df45ff311a1dab45e5b09b02fc8d69b5ed11d7fb7f2030bce8
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical-severity heuristic that fired indicates the presence of Excel 4.0 macros. While the macro content is truncated, the structure suggests it is designed to download and execute a secondary payload, a common technique for initial access. The lack of specific indicators or recognizable patterns prevents definitive family attribution.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
SHA-256: 8e1b28f529b9953121695e4aa529a82ced34212695070267dfbfc82b2a16bc3b
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 91649 bytes