SUSPICIOUS
30
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 User Execution: Malicious Link
The document contains a heuristic firing for a callback phishing lure, indicating it prompts the user to call a phone number. The document body discusses a webinar on auditing and skepticism, which is likely a pretext to engage the user in a conversation where they can be socially engineered. No scripts were extracted, and the embedded URLs are confirmed benign, suggesting the primary malicious activity relies on social engineering via the document content.
Heuristics 3
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
-
External hyperlinks (11) low OOXML_EXTERNAL_HYPERLINKSDocument contains 11 external hyperlinks — clickable URLs are stored as external relationships. First target: about:blank
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas Document hyperlink
- http://schemas.microsoft.com/office/mac/office/2008/mainDocument hyperlink
- http://schemas.openxmlformats.org/markup-compatibility/2006Document hyperlink
- http://schemas.openxmlformats.org/officeDocument/2006/relationshipsDocument hyperlink
- http://schemas.openxmlformats.org/officeDocument/2006/mathDocument hyperlink
- http://schemas.microsoft.com/office/word/2010/wordprocessingDrawingDocument hyperlink
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingDocument hyperlink
- http://schemas.openxmlformats.org/wordprocessingml/2006/mainDocument hyperlink
- http://schemas.microsoft.com/office/word/2010/wordmlDocument hyperlink
- http://schemas.microsoft.com/office/word/2010/wordprocessingGroupDocument hyperlink
- http://schemas.microsoft.com/office/word/2010/wordprocessingInkDocument hyperlink
- http://schemas.microsoft.com/office/word/2006/wordmlDocument hyperlink
- http://schemas.microsoft.com/office/word/2010/wordprocessingShapeDocument hyperlink
- https://cdn.asp.events/CLIENT_NASBA_287596D2_5056_B733_49DFF69B632BDF66/sites/LearningMarket/media/Documents/2019-standards-and-fos/Fields-of-Study-Document---December-2019.pdfDocument hyperlink
Open this report in the interactive analyzer, or submit your own file for analysis.