MALICIOUS
Risk Score: 78
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
The sample contains external hyperlinks and relationships pointing to internal J.P. Morgan network paths and an external URL, suggesting an attempt to trick the user into interacting with malicious content. The presence of an embedded OLE object and call-to-action shapes further supports a social engineering attack. The document body itself appears to be a financial outlook report, which could be used as a lure to disguise the malicious intent.
Heuristics (5)
- External relationship (high, OOXML_EXTERNAL_REL): External target in ppt/charts/_rels/chart1.xml.rels: `file:///\\NAEAST.ad.jpmorganchase.com\amerib$\GR\RESDATA5\aquadrani\David\Agency\Agency Multiples.xlsx`
- Embedded OLE object (medium, OOXML_OLE_OBJECT): Document contains an embedded OLE object
- External hyperlinks (5) (low, OOXML_EXTERNAL_HYPERLINKS): Document contains 5 external hyperlinks — clickable URLs are stored as external relationships. First target: mailto:alexia.quadrani@jpmorgan.com
- Call-to-action shape / download button (low, OOXML_DOWNLOAD_SHAPE): Document drawing contains a call-to-action phrase ('Click Here', 'Download Now', etc.) inside a shape or text box — a common visual lure used to trick users into enabling macros or visiting a malicious URL
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://www.netroadshow.com/events/login?show=f56fa483&confId=73280 (Document hyperlink)
  - http://www.jpmm.com/Research/Multimedia (Document hyperlink)
  - http://www.iec.ch (Document hyperlink)
Extracted artifacts (17)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| ooxml_oleobject_00.bin | ooxml-ole-object | OOXML embedded OLE part: ppt/embeddings/Microsoft_Word_Document.docx | 10357 bytes | bada0f0127b479f404652e25d67f84f7748230025a92089cfa65cf927f9001b6 |
| emf_00.emf | ooxml-emf | OOXML EMF part: ppt/media/image8.emf | 199004 bytes | 2f42a8d43a3fbaa8ffd22deabe2ffd881a7de7d6c6c9283e8f34557186214c42 |
| emf_01.emf | ooxml-emf | OOXML EMF part: ppt/media/image9.emf | 110844 bytes | 76084e85b357e1fdd5b597ab6dd5ec5f8c84f9acb82e8eda03324e63db85528f |
| emf_02.emf | ooxml-emf | OOXML EMF part: ppt/media/image10.emf | 13928 bytes | 9bdc3f13ee19f8cb6b71c48db3e076da097cbeb32dfd6797ede2ce1490f17fb9 |
| emf_03.emf | ooxml-emf | OOXML EMF part: ppt/media/image7.emf | 83340 bytes | 4092793d42b682d5ecb2800416cc9cdcdb03aae14d500cc58a83577faca89a76 |
| emf_04.emf | ooxml-emf | OOXML EMF part: ppt/media/image21.emf | 47292 bytes | 4f1995766f7aa61eb87d86e408c4a6dae9e370dafa2a91e0c8aee43a7b053177 |
| emf_05.emf | ooxml-emf | OOXML EMF part: ppt/media/image22.emf | 136744 bytes | a354d47461c0fa5b465d3956d50191128650f18c868bdfbaddd95193070082e2 |
| emf_06.emf | ooxml-emf | OOXML EMF part: ppt/media/image23.emf | 84732 bytes | 737d4ab9f8a93e60e3a3006bc6c69d61fcae630df5afa3be001b64795d53788a |
| emf_07.emf | ooxml-emf | OOXML EMF part: ppt/media/image17.emf | 11224 bytes | e82c408f42f25b0f81d9ff743c10afdb9487f5e570b372418ebd5690521e0c1e |
| emf_08.emf | ooxml-emf | OOXML EMF part: ppt/media/image18.emf | 906228 bytes | e1628baefbc580adbea81db5fdcef66d53b8846006f502c461a3df0b682b0fab |
| emf_09.emf | ooxml-emf | OOXML EMF part: ppt/media/image19.emf | 5956 bytes | cb87fb2e87278df48d69ba86e6cb51dc971b88997bfa12d889056d4a082e382d |
| emf_10.emf | ooxml-emf | OOXML EMF part: ppt/media/image20.emf | 10648 bytes | 70fc63ce2c4a6abb5198eff198a5249bc8b742ee3bfb817a7ab7394a2f18da78 |
| emf_11.emf | ooxml-emf | OOXML EMF part: ppt/media/image2.emf | 79692 bytes | d4ca840a9e40ef338b5a91d0b2a89342eb6c50b869efc4d34fe20f5451375df7 |
| emf_12.emf | ooxml-emf | OOXML EMF part: ppt/media/image3.emf | 79692 bytes | 0edc44df77e376c0e64fa78f1195e634bbd8a9e3267b0560de88dee2acce521e |
| emf_13.emf | ooxml-emf | OOXML EMF part: ppt/media/image4.emf | 133108 bytes | e4c64f74308e73bc1add653d9bcedbbd3909d5b00ae78a80ccadf237f160bf05 |
| emf_14.emf | ooxml-emf | OOXML EMF part: ppt/media/image5.emf | 229392 bytes | a53cbb43deb9a254da57c7e2d9ea35d64c8a09dc904dcbe7295f510ae0db24a0 |
| emf_15.emf | ooxml-emf | OOXML EMF part: ppt/media/image6.emf | 19896 bytes | 8cef498dceb2874a743d113462a8de4a864ba8ad0cac72f6ea09d5598d48b9da |