Verdict: MALICIOUS
Risk Score: 82

MITRE ATT&CK
- T1059.001 Command and Scripting Interpreter: PowerShell
- T1566.001 Phishing: Spearphishing Attachment

Malware Insights
The sample is an OOXML spreadsheet whose pivot cache carries an external relationship to a local CSV file, which the analyzer treats as a possible lure. It also contains obfuscated PowerShell commands in the document text. That PowerShell reads a file from the user's AppData\Roaming directory and XORs its contents with a hardcoded string, behaviour consistent with a loader stage that decodes a second-stage payload already staged on disk; nothing in the reported script behaviour fetches content from the network itself. Two checks are worth making before acting on the verdict. First, a file:/// target in a pivotCacheDefinition .rels part is also how Excel records an ordinary PivotTable built from a CSV data source, so that heuristic alone is not conclusive. Second, most of the extracted URLs below are hyperlinks to falcon.crowdstrike.com detection pages, which is what an exported detection list looks like; confirm whether the PowerShell text lives in a macro project (vbaProject.bin) or only in cell text (sharedStrings.xml), where command lines copied out of such an export would appear as data rather than as code that runs.
Heuristics (3)

- External relationship [high] OOXML_EXTERNAL_REL
  External target in xl/pivotCache/_rels/pivotCacheDefinition2.xml.rels: file:///C:\Users\ScottBarnett\Downloads\Det_60 (10).csv

- LOLBin token sequence in document text [high] SE_LOLBIN_RUN_COMMAND
  Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, ...) within 220 characters of a dangerous flag, command verb, or URL. In HTML/PDF/RTF lure bodies this is a visible "run this" instruction; in macro-laden Office files it is the macro's own string-pool entries appearing adjacent in the extracted text.

- Embedded URL [info] EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

  Extracted URLs:
  - https://download.winzipsystemtools.com/wzdt/wzdt3.exe (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/a4817818be264ce090e2b9df0c587f38/379326598569317624?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/56abede1bdbb42d68b650dbf391cf4a4/85899631575?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/0b2539d51e6248459ee6f6297fc7339e/373662173445?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/5c9beb8bb68f4015811d9ed7924376c0/38656345531?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/5c9beb8bb68f4015811d9ed7924376c0/38655358629?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/5c9beb8bb68f4015811d9ed7924376c0/34359997400?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/cf9d6d4092eb4f0ab37b5c377c0b8741/379145435026329718?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/04f036e00c61453c854cb13829ad7fc1/111672788744?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/04f036e00c61453c854cb13829ad7fc1/111671837008?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/3ba9e3e768824e88a7549c76d0e37651/379038273652849721?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/c87b423a270642ce84d5998080978ab4/223340251307?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/9cb3e291960549ae895d58807fc33a15/244817175117?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/9cb3e291960549ae895d58807fc33a15/244814604871?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/57e2762355f640bb98d83a74b2e16cdf/1440452090106351683?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/57e2762355f640bb98d83a74b2e16cdf/1440453722189733890?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/57e2762355f640bb98d83a74b2e16cdf/1440455424976486529?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/57e2762355f640bb98d83a74b2e16cdf/1440448274610925601?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/57e2762355f640bb98d83a74b2e16cdf/1440436855790248101?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313544704531?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313543670005?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313543013451?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313541697734?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313540048185?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313539610360?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313538217845?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/16eb7d56de264f46baa3ed9b452e5fe2/34361211229?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/16eb7d56de264f46baa3ed9b452e5fe2/34359840306?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313537627060?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313536673156?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313535635922?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313534599354?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/313533215413?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/309242705541?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/309241240912?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/309240669376?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/309238734674?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/550cd2f9b0414424aec3551fe8f037eb/309237656292?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/5664cdfbb6834c109af7f9f1189b6e0a/146029011885?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/0bd009c778d8425393b3ffb9bde6ba3e/227633449955?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/9595ec838a3740898af14621e8d9a30d/21475773665?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/d21ee1dae79146e89ee19da377aa8add/17180542578?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/32529b1092ef45acbe613d3124103e96/154619729062?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/851fcf8033664b25b08774b144155966/188981225274?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/851fcf8033664b25b08774b144155966/188979014796?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/11c1e6a822a747baad2fd29fe545b33f/377890626046922393?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/634bf470959f4c45b9bddbcc57cdb543/193273640654?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/897159d6ec20480e826603f25bc4aa3d/219044453668?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/897159d6ec20480e826603f25bc4aa3d/219044142498?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - https://falcon.crowdstrike.com/activity/detections/detail/95908d4910924ae9acb7a90c7a90bb7c/124555911945?_cid=g03000mkepkjay5vbz7ktjyy57zaszkm (OOXML external relationship)
  - plus 85 more URLs not listed here
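The two high-severity heuristics above are simple enough to reproduce on a workbook offline. The following script is an added example, not the analyzer's own code: it opens an OOXML package, lists every relationship whose TargetMode is "External" (with a coarse file/web bucket so a pivot-cache CSV source and a hyperlink to an executable are easy to tell apart), and then scans the extracted text runs for a script-host name within 220 characters of a dangerous flag, verb or URL. The sample workbook is constructed in memory; the analyst path, the example.invalid host, the "-enc AAAA" payload and the relationship Type strings are placeholders.

```python
"""Triage helpers for the two high-severity heuristics in this report:
OOXML_EXTERNAL_REL (external relationship targets) and SE_LOLBIN_RUN_COMMAND
(script-host name near a dangerous flag/verb/URL in extracted text).
Added example, not the analyzer's code. The workbook is constructed in memory
so the script runs offline; paths, hosts and the -enc payload are placeholders."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
SST_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"

# Script hosts, and the flags/verbs/URL prefixes that make them interesting.
LOLBIN_RE = re.compile(
    r"\b(?:powershell|pwsh|mshta|cmd|rundll32|regsvr32|wscript|cscript|certutil|bitsadmin|msiexec)(?:\.exe)?\b",
    re.IGNORECASE)
DANGER_RE = re.compile(
    r"(?:-enc(?:odedcommand)?\b|-nop\b|-w(?:indowstyle)?\s+hidden|-ep\s+bypass|\biex\b"
    r"|invoke-expression|downloadstring|/c\s|https?://)",
    re.IGNORECASE)
WINDOW = 220  # proximity window quoted by the SE_LOLBIN_RUN_COMMAND heuristic


def external_relationships(data: bytes):
    """Every (rels part, target) whose relationship carries TargetMode="External".
    Internal relationships (no TargetMode) are skipped; only external ones can
    point at a local file, a UNC share or a web server."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    hits.append((name, rel.get("Target")))
    return hits


def classify_target(target: str) -> str:
    """Coarse bucket for an external target: local/UNC file, web URL, or other."""
    t = target.lower()
    if t.startswith("file:") or t.startswith("\\\\"):
        return "file"
    if t.startswith(("http://", "https://")):
        return "web"
    return "other"


def document_text(data: bytes) -> str:
    """Join the text runs (<t> elements) of every XML part; this covers
    xl/sharedStrings.xml for spreadsheets and word/document.xml for Word files."""
    runs = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.endswith(".xml"):
                continue
            for el in ET.fromstring(z.read(name)).iter():
                if el.tag.rsplit("}", 1)[-1] == "t" and el.text:
                    runs.append(el.text)
    return " ".join(runs)


def lolbin_near_danger(text: str, window: int = WINDOW):
    """(tool, trigger, distance) for each script-host token that has a dangerous
    flag, verb or URL within `window` characters; the nearest-first trigger is kept."""
    findings = []
    dangers = [(m.start(), m.group(0)) for m in DANGER_RE.finditer(text)]
    for m in LOLBIN_RE.finditer(text):
        for pos, trig in dangers:
            if abs(pos - m.start()) <= window:
                findings.append((m.group(0), trig, abs(pos - m.start())))
                break
    return findings


def _rels(entries):
    """Minimal .rels part from (type suffix, target, external?) tuples. Type values are illustrative."""
    items = []
    for i, (kind, target, external) in enumerate(entries, 1):
        mode = ' TargetMode="External"' if external else ""
        items.append(f'<Relationship Id="rId{i}" Type="{REL_TYPE}/{kind}" Target="{target}"{mode}/>')
    joined = "".join(items)
    return f'<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="{REL_NS}">{joined}</Relationships>'


def build_sample_xlsx() -> bytes:
    """Constructed workbook fragment: a pivot cache sourced from a local CSV, one
    web hyperlink, and a shared string holding an encoded PowerShell command line."""
    parts = {
        "xl/pivotCache/_rels/pivotCacheDefinition1.xml.rels": _rels([
            ("pivotCacheRecords", "pivotCacheRecords1.xml", False),
            ("externalLinkPath", "file:///C:\\Users\\analyst\\Downloads\\export (1).csv", True),
        ]),
        "xl/worksheets/_rels/sheet1.xml.rels": _rels([
            ("hyperlink", "https://example.invalid/download/stage.exe", True),
        ]),
        "xl/sharedStrings.xml": (
            f'<?xml version="1.0" encoding="UTF-8"?><sst xmlns="{SST_NS}">'
            "<si><t>Quarterly revenue report</t></si>"
            "<si><t>powershell.exe -nop -w hidden -enc AAAA</t></si></sst>"  # placeholder payload
        ),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in parts.items():
            z.writestr(name, content)
    return buf.getvalue()


def triage(data: bytes) -> dict:
    """Run both checks and return their findings keyed by heuristic."""
    ext = [(part, target, classify_target(target)) for part, target in external_relationships(data)]
    return {"external": ext, "lolbin": lolbin_near_danger(document_text(data))}


if __name__ == "__main__":
    for key, rows in triage(build_sample_xlsx()).items():
        for row in rows:
            print(key, *row)
```

To run it against a real sample, pass the bytes of the .xlsx/.docx to triage() instead of build_sample_xlsx(). A "file" bucket hit in a pivotCache .rels part is the same shape as the first heuristic in this report; whether it is a lure or an ordinary CSV-backed PivotTable still has to be decided from the rest of the package, which is why the LOLBin check reports which text run the command line came from rather than treating the hit as a verdict.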