Office (OOXML) / .XLSX malware analysis — malicious · fbcc68a6ca33d199

MALICIOUS

Office (OOXML) / .XLSX

68.4 KB Created: 2021-10-27 10:31:49 UTC Authoring application: Microsoft Excel 12.0000

MD5: 52c9f18e4eccadf0458490b247a0d7ab SHA-1: 410831f8e8d68a6742d76236741edfe00f9a9854 SHA-256: fbcc68a6ca33d19948cba36ff5be64fb9d2c4258dc714a8223f37623acf6b5d1

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel 4.0 macro sheet, indicated by the OOXML_XLM_MACROSHEET heuristic. Excel 4.0 macros are known to be used for arbitrary code execution and are often employed to download and execute further stages of malware. No specific IOCs were extracted, but the presence of the macro sheet strongly suggests a malicious intent for initial access or payload delivery.

Heuristics 1

Excel 4.0 macro sheet (1 sheet(s)) critical OOXML_XLM_MACROSHEET

Spreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`xlm_sheet_00.bin` `dd16cf13d52685199d8e1cd4475782912e7753909b95e0bface0d4dff2f8c63e`	xlm-macrosheet	OOXML XLM macro sheet: xl/macrosheets/sheet1.bin	7652 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.