MALICIOUS
122
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.005 Visual Basic
The document body clearly indicates an advance-fee lottery scam, instructing the recipient to contact a specific individual via phone or email to claim a fictitious prize. The presence of an OLE EMF object and an Excel 4.0 macro sheet suggests the potential for embedded malicious content, likely used to facilitate the scam.
Heuristics 5
-
Office EPRINT stream contains EMF object high OLE_EPRINT_EMF_OBJECTOLE ObjectPool contains an EPRINT stream with EMF data. This is rare in normal documents and is CVE-2007-3893/MS07-046-family evidence when paired with Office exploit payload anomalies, but the malformed EMF record is not proven by this rule alone.
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPENWorkbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main
Open this report in the interactive analyzer, or submit your own file for analysis.