diff --git a/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml
new file mode 100644
index 00000000..4485c32d
--- /dev/null
+++ b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 1177fe7c-7dd2-11f0-8ab3-629be3538069
+date: '2025-08-20'
+description: Generated datasets for excel activemicrosoftapp in attack range.
+environment: attack_range
+directory: excel_activemicrosoftapp
+mitre_technique:
+- T1021.003
+datasets:
+- name: sysmon_winprojexe.log
+  path: /datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log
new file mode 100644
index 00000000..42545f8a
--- /dev/null
+++ b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:151c77e301c05f9dbb55db88002235c2eecc81cff6d3edd3a614e33d6d4fcad0
+size 11820