Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 d7c97599d1a76428…

MALICIOUS

Office (OOXML) / .XLSX

Size: 314.8 KB
Created: 2021-08-16 09:36:27 UTC
Authoring application: Microsoft Excel 12.0000
MD5: b629875af272759b7a9e0ca137642b6c
SHA-1: 24e0d5ca3a2346fd9407932f968b9d52c9a3a5f5
SHA-256: d7c97599d1a764282b372b6ca58a7214138bab7c3192cd4633162f9803bda4eb
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file containing Excel 4.0 macros. The heuristic firing indicates the presence of these macros, which are commonly used to download and execute malicious payloads. The macro content is heavily truncated, preventing a more detailed analysis of its specific actions or IOCs.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
SHA-256: 38d1aa7e2347e02552de119bca7f17628cdf9af01ec04428cc257aec6ff54b7d
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 204648 bytes