Verdict: MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The file is an Office document containing an embedded OLE object. Static analysis detected this embedded object as Win.Malware.LNKAgent-10043840-0. This suggests the document is likely a spearphishing attachment designed to deliver a malicious payload via the embedded object.
Heuristics 2
- ClamAV: Win.Malware.LNKAgent-10043840-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Win.Malware.LNKAgent-10043840-0
- Embedded OLE object (medium, OOXML_OLE_OBJECT): Document contains an embedded OLE object
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 | ClamAV detection | Obfuscation or payload |
|---|---|---|---|---|---|---|
| ooxml_oleobject_00.bin | ooxml-ole-object | OOXML embedded OLE part: xl/embeddings/oleObject1.bin | 4608 bytes | 7176f26ba3310436c4fb02e4a6fbbde85f0a09726cad7a302eaacd990b0be310 | Win.Malware.LNKAgent-10043840-0 | unlikely |
| ooxml_oleobject_00_ole10native_00.bin | ole-package | OOXML xl/embeddings/oleObject1.bin Ole10Native stream: Ole10Native | 1990 bytes | eb485371d5975cc174a3edbfb05f9bad34c7ec51e1bb5fb3fdb9c2ae82e794cf | Win.Malware.LNKAgent-10043840-0 | unlikely |
| emf_00.emf | ooxml-emf | OOXML EMF part: xl/media/image1.emf | 5024 bytes | d8dfb9bab673e696237e3f484855dc7d6bbea2796e067d5b420e665304bcd673 | | |