MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1059.001 PowerShell
The file is an Excel spreadsheet containing Excel 4.0 macros, which are known to be used for malicious purposes. The VBA macro code includes a call to CreateObject, indicating an attempt to execute arbitrary code. The presence of Excel 4.0 macros suggests a direct execution of malicious commands within the spreadsheet environment.
Heuristics 3
-
Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEETSpreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
-
CreateObject call high OLE_VBA_CREATEOBJCreateObject call
-
VBA project inside OOXML medium OOXML_VBADocument contains vbaProject.bin — VBA macros present
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.basbbefddadacfee5dd68c5e21e79b04517b878da197b36cd2428d9fef088143446 |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 655 bytes |
vbaProject_00.bin0cec27606428d2673e7432f553ff56d3c8b40a29ce95e4663b7450db27841434 |
vba-project | OOXML VBA project: xl/vbaProject.bin | 12288 bytes |
xlm_sheet_00.bin630aacd7e79427e3f74ce30a5d504395974ae8a0c6e0880c44fa16b53c5401b1 |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 2564 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.