MALICIOUS
90
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Attachment
The critical heuristic firing for CVE-2024-21413 indicates the exploitation of a moniker link vulnerability in OOXML documents. The embedded UNC path, \\Bdccentrwbd2\Folders\!Минералка\Инвестиции%2099-01.xls, suggests an attempt to lure the user into accessing a remote resource disguised as a local file. Hidden worksheets were also detected, which can be used to conceal malicious content.
Heuristics 4
-
CVE-2024-21413 — Moniker Link UNC path in OOXML critical CVE likely CVE_2024_21413Document contains a file:///\\...! hyperlink matching the Moniker Link shape associated with CVE-2024-21413. In affected Office/Outlook paths this can bypass Protected View and trigger NTLM authentication.
-
External relationship medium OOXML_EXTERNAL_RELExternal target in xl/externalLinks/_rels/externalLink1.xml.rels: /Users/user29.UKPF/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.Outlook/V16XYX1L/Users/Anna.Sergeeva
-
Hidden worksheet (hidden) low OOXML_HIDDEN_SHEETExcel workbook contains 20 hidden sheet(s) — hidden sheets are commonly used to conceal macro code, staging data, or intermediate payload construction
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://mpfkz-my.sharepoint.com/Users/Vera.Kononova/AppData/Local/Microsoft/Windows/Temporary
- https://mpfkz-my.sharepoint.com/Users/user29.UKPF/AppData/Local/Microsoft/Windows/Temporary
- https://mpfkz-my.sharepoint.com/Users/Аубакирова
- https://mpfkz-my.sharepoint.com/Users/ww/Desktop/АВ/Бюджет
Open this report in the interactive analyzer, or submit your own file for analysis.