Malicious Office (OLE) / .XLSX — malware analysis report

Static analysis result for SHA-256 f46fe423de8457dc…

MALICIOUS

Office (OLE) / .XLSX

Size: 125.5 KB
Created: 2020-07-01 09:47:51
Authoring application: Microsoft Excel
MD5: d557e625c6db4cba95a25a13cbe9310f
SHA-1: 09e780030b7e4d922c3bc3d1d7d2c1b900309a0a
SHA-256: f46fe423de8457dc5b4e96e60b6f397322880a42fe97a0b3b934e0695a2be532
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is an Excel file identified as containing an encrypted Excel 4.0 macro sheet. This strongly suggests the file is designed to execute malicious code upon opening. The presence of an encrypted macro sheet is a common technique for hiding malicious scripts, often used to download and execute further stages of an attack. No specific IOCs were extracted, but the file structure itself is indicative of malicious intent.

Heuristics (2)

  • Encrypted Excel 4.0 macro sheet (high; OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (medium; OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.