Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 d51711eecb039509…

MALICIOUS

Office (OOXML) / .XLSX

Size: 327.5 KB
Created: 2021-03-23 13:50:54 UTC
Authoring application: Microsoft Excel 16.0300
MD5: e88b03763c5090769c37e24b58c4b987
SHA-1: 7bb0453fb4e4b5333fcd78df541ae9a3bd86105d
SHA-256: d51711eecb03950944b65626423e1b36ff93d4852a715f25051cb683a16ff34d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Office (OOXML) XLSX file identified as malicious. A critical heuristic firing indicates the presence of Excel 4.0 macros within the file. The extracted macro content, though truncated, shows patterns consistent with macro execution and potential payload delivery. The specific macro commands are not fully discernible due to truncation, but the presence of Excel 4.0 macros strongly suggests an attempt to download and execute a secondary payload.

Heuristics 1

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size |
|---|---|---|---|
| xlm_sheet_00.bin c67812df220d2aa4eccc3e5996096e4cca4c5f539f512f706c2fe068dade17cc | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 2660 bytes |