Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 ef6544f318b62ad4…

MALICIOUS

Office (OOXML) / .XLSX

Size: 171.8 KB | Created: 2021-08-16 09:36:27 UTC | Authoring application: Microsoft Excel 12.0000
MD5: 03bd9d1615e155c57f9a0dedad00df20
SHA-1: 1de2eba7e87da57fe5e1c9c4e042c13018d6aa2b
SHA-256: ef6544f318b62ad4c219ca2ebe185772c69c3991bdb82e5a508adcebf12675cb
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OOXML_XLM_MACROSHEET' indicates the presence of Excel 4.0 macros within the XLSX file. While the macro content is truncated and heavily obfuscated, the heuristic itself strongly suggests an attack pattern involving the execution of embedded macros. This is a common initial access vector for delivering secondary payloads. The lack of clear indicators for specific families or further IOCs limits the confidence in a more precise assessment.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
SHA-256: a2f7c3ddc5399dcbb002e207d38a84d12c5f469560c84b260d3f354d132e1489
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 359077 bytes