Office (OOXML) / .XLSX malware analysis — malicious · f148e9a2089039a6

MALICIOUS

Office (OOXML) / .XLSX

69.7 KB Created: 2015-06-05 18:17:20 UTC Authoring application: Microsoft Excel 16.0300

MD5: 34339f5f8f3b303aad00272edfa2827f SHA-1: e1273963b7b1b7613f77e0ce353c108ae7557968 SHA-256: f148e9a2089039a66fa624e1ffff5ddc5ac5190ee9fdef35a0e973725b60fbc9

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The sample is an Excel file containing a macro sheet, identified by the OOXML_XLM_MACROSHEET heuristic. Excel 4.0 macros are a legacy feature often abused by attackers to execute arbitrary code, typically to download and run a second-stage payload. No specific IOCs were extracted due to the truncated nature of the script content.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `49fbca71c88560e36c204add9e50a01da5a36879f18bc974d451ea79308638e7`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	1291473 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.