Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 f625c31ce34fd7c1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 110.1 KB
Created: 2021-08-16 09:36:27 UTC
Authoring application: Microsoft Excel 12.0000
MD5: 64263cd55fc9b5a6790c5c366958bca4
SHA-1: c927f2e8db6a54bf5088770f52695c10723acb13
SHA-256: f625c31ce34fd7c1480292622ead7f22ad0694fe988f2bd81cb5479ac69622e7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates the presence of Excel 4.0 macros, which are known to be used for malicious purposes. While the macro content is heavily truncated and obfuscated, the presence of these macros suggests an attempt to execute arbitrary commands or download further payloads. The exact intent cannot be fully determined due to the truncated nature of the script.

Heuristics (1)

  • Excel 4.0 macro sheet (1 sheet(s)) [severity: critical, rule: OOXML_XLM_MACROSHEET]
    Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: xlm_sheet_00.bin
SHA-256: 1abd08e46c6b972454364c6bc14dae46ce42168924cc23bf1af1c96763464508
Kind: xlm-macrosheet
Source: OOXML XLM macro sheet: xl/macrosheets/sheet1.bin
Size: 222521 bytes