Verdict: SUSPICIOUS
Risk Score: 38
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is an Excel spreadsheet containing financial data, which is a common lure for phishing attacks. It includes an external hyperlink to a financial institution's domain, potentially directing users to a phishing site. The presence of hidden sheets and external data links suggests an attempt to conceal malicious activity or facilitate data exfiltration.
Heuristics 4
- External workbook data link (medium, OOXML_EXTERNAL_REL_DATALINK): External workbook reference in xl/externalLinks/_rels/externalLink8.xml.rels: file:///R:\GAS 2002\ANALISIACQUISTI2002.xls — a UNC/file path; opening the workbook and updating links could leak NetNTLM credentials to the host
- External hyperlinks (1) (low, OOXML_EXTERNAL_HYPERLINKS): Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: mailto:matthew.lofting@jpmorgan.com
- Hidden worksheet (hidden) (low, OOXML_HIDDEN_SHEET): Excel workbook contains 2 hidden sheet(s) — hidden sheets are commonly used to conceal macro code, staging data, or intermediate payload construction
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://www.jpmorganmarkets.com (Document hyperlink)