Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 f4ee286a74576b7a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 113.0 KB
Created: 2021-08-16 09:36:27 UTC
Authoring application: Microsoft Excel 12.0000
MD5: b0098664ec14d1368dcb7a06e9860f4e
SHA-1: d309fecb07e56d3affa03796e43d4c3b4b09055c
SHA-256: f4ee286a74576b7ab63eaaf3524bd2c1743cb9ae29a2deebff2ab28ec8ee486d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates the presence of Excel 4.0 macros within the XLSX file. While the macro content is truncated, the presence of such macros suggests an attempt to execute arbitrary commands upon opening the document. Further analysis of the full macro content would be required to determine the specific payload or intent.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) [critical] OOXML_XLM_MACROSHEET
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
xlm_sheet_00.bin (d1354d08041ebef5f11d3a1c59569194b28e547f19204d49278de4fa7744cd63) | xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 228782 bytes