MALICIOUS
142
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious Attachment
The file was detected by ClamAV as Xls.Malware.Valyria-10028437-0, indicating a known malicious signature. It contains an embedded OLE object, a common method for delivering secondary payloads. The presence of this object strongly suggests an attempt to execute malicious code upon opening or interaction.
Heuristics 4
-
ClamAV: Xls.Malware.Valyria-10028437-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Xls.Malware.Valyria-10028437-0
-
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAVClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
-
Embedded OLE object medium OOXML_OLE_OBJECTDocument contains an embedded OLE object
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas
- http://schemas.microsoft.com/office/drawing/2014/chartex
- http://schemas.microsoft.com/office/drawing/2015/9/8/chartex
- http://schemas.microsoft.com/office/drawing/2015/10/21/chartex
- http://schemas.microsoft.com/office/drawing/2016/5/9/chartex
- http://schemas.microsoft.com/office/drawing/2016/5/10/chartex
- http://schemas.microsoft.com/office/drawing/2016/5/11/chartex
- http://schemas.microsoft.com/office/drawing/2016/5/12/chartex
- http://schemas.microsoft.com/office/drawing/2016/5/13/chartex
- http://schemas.microsoft.com/office/drawing/2016/5/14/chartex
- http://schemas.openxmlformats.org/markup-compatibility/2006
- http://schemas.microsoft.com/office/drawing/2016/ink
- http://schemas.microsoft.com/office/drawing/2017/model3d
- http://schemas.openxmlformats.org/officeDocument/2006/relationships
- http://schemas.openxmlformats.org/officeDocument/2006/math
- http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing
- http://schemas.openxmlformats.org/wordprocessingml/2006/main
- http://schemas.microsoft.com/office/word/2010/wordml
- http://schemas.microsoft.com/office/word/2012/wordml
- http://schemas.microsoft.com/office/word/2018/wordml/cex
- http://schemas.microsoft.com/office/word/2016/wordml/cid
- http://schemas.microsoft.com/office/word/2018/wordml
- http://schemas.microsoft.com/office/word/2020/wordml/sdtdatahash
- http://schemas.microsoft.com/office/word/2015/wordml/symex
- http://schemas.microsoft.com/office/word/2010/wordprocessingGroup
- http://schemas.microsoft.com/office/word/2010/wordprocessingInk
- http://schemas.microsoft.com/office/word/2006/wordml
- http://schemas.microsoft.com/office/word/2010/wordprocessingShape
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
ooxml_oleobject_00.bincc617b59617f417dc66f35bf2df7e1bf2362f3b80d599eac20235a94f5328a4c |
ooxml-ole-object | OOXML embedded OLE part: word/embeddings/chrome2.aksd~!kalsdk~!kasldk~! | 16957 bytes |
|
Detection
ClamAV:
Xls.Malware.Valyria-10028437-0
Obfuscation or payload:
unlikely
|
|||
emf_00.emfec74c1ac1cdf6264c476a64da7a349acdaadbdea7d19cb054ce3684213b97dc7 |
ooxml-emf | OOXML EMF part: word/media/image2.emf | 4156 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.