Office (OOXML) / .XLSX malware analysis — malicious · dcb657d27de4f027

MALICIOUS

Office (OOXML) / .XLSX

105.8 KB Created: 2021-03-29 19:54:15 UTC Authoring application: Microsoft Excel 16.0300

MD5: 93991204e42169b077a30234cb681161 SHA-1: 981c01734038f61701fddc3d89fccc13c65f9154 SHA-256: dcb657d27de4f027f1a36e1cb480e456080dfe069213a144a084e406a0e596f5

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file containing a macro sheet, indicated by the OOXML_XLM_MACROSHEET heuristic. The macro sheet appears to be truncated, but the presence of Excel 4.0 macros suggests an attempt to execute arbitrary commands. Without further deobfuscation or content, the specific payload and delivery mechanism remain unclear.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `d949a8b7ffa97589188bab8170d521758076d1b4c068e080055a6adbc7dea520`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	98782 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.