MALICIOUS
68
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
The OOXML_CLICKABLE_IMAGE_FORM_LURE heuristic indicates the presence of a phishing lure using a clickable image that directs the user to an external form. This strongly suggests an attempt to harvest credentials or other sensitive information. The external hyperlink further supports this attack pattern. No scripts were extracted from this sample.
Heuristics 3
-
OOXML clickable image phishing/form lure critical OOXML_CLICKABLE_IMAGE_FORM_LUREWorkbook uses a large embedded image as the visible document body and attaches a click-through external hyperlink to that image. The target is a form/collection service or the drawing contains download/view lure text, which is a common credential or document-phishing pattern rather than benign workbook data.
-
External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKSDocument contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: https://v5oiiz5fh4h.typeform.com/to/IQa8Hlok
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/spreadsheetml/2006/main
- http://schemas.openxmlformats.org/officeDocument/2006/relationships
- http://schemas.openxmlformats.org/markup-compatibility/2006
- http://schemas.microsoft.com/office/spreadsheetml/2009/9/ac
- http://schemas.microsoft.com/office/spreadsheetml/2014/revision
- http://schemas.microsoft.com/office/spreadsheetml/2015/revision2
- http://schemas.microsoft.com/office/spreadsheetml/2016/revision3
Open this report in the interactive analyzer, or submit your own file for analysis.