MALICIOUS
98
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The critical ClamAV heuristic identifies the file as Xls.Downloader.Agent08210-9888570-0, a known downloader. The presence of a fake invoice lure and an external hyperlink further supports this, suggesting the document is designed to trick the user into navigating to the provided URL. This URL is likely used to download and execute a secondary malicious payload.
Heuristics 5
-
ClamAV: Xls.Downloader.Agent08210-9888570-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Xls.Downloader.Agent08210-9888570-0
-
External relationship medium OOXML_EXTERNAL_RELExternal target in xl/pivotCache/_rels/pivotCacheDefinition1.xml.rels: /Users/goods/Downloads/JMS ENGINEERED PLASTICS INC_SOA_June.xlsx
-
External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKSDocument contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: https://app.mockplus.com/run/rp/DzwNqsd-gpbP/q3X2lMjR1tXg/im9t1xNwMXF?ps=0&ha=0&la=0&fc=0&out=0
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://app.mockplus.com/run/rp/DzwNqsd-gpbP/q3X2lMjR1tXg/im9t1xNwMXF?ps=0&ha=0&la=0&fc=0&out=0
Open this report in the interactive analyzer, or submit your own file for analysis.