Malware Insights
The sample is an XLSM file containing VBA macros, indicated by the OOXML_VBA heuristic. The document body presents information resembling disaster relief claims, aligning with the SE_INVOICE_LURE heuristic, suggesting a social engineering pretext. The OOXML_EXTERNAL_REL heuristic points to a potentially malicious external reference within the document. While the VBA code itself appears to be related to worksheet cell manipulation, the presence of macros and the lure suggest the primary intent is to execute further malicious actions, likely through the embedded VBA project.
Heuristics 4
- External relationship | high | OOXML_EXTERNAL_REL: External target in xl/externalLinks/_rels/externalLink1.xml.rels: file:///C:\Users\issasa\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\TJV9GU25\Excel Snapshot Template (002)
- VBA project inside OOXML | medium | OOXML_VBA: Document contains a VBA project — VBA macros present
- Hidden worksheet (hidden) | low | OOXML_HIDDEN_SHEET: Excel workbook contains 6 hidden sheet(s) — hidden sheets are commonly used to conceal macro code, staging data, or intermediate payload construction
- Fake invoice / payment lure | low | SE_INVOICE_LURE: Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas 664be631cd32c0e1128f53dba3418d1cc3b3cc77b0a332ec368296d99897a284 | vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 2728 bytes |
| vbaProject_00.bin fecb85ae8702ca3dc7100473899c552f483c51b252d142d5664a17d080492dc4 | vba-project | OOXML VBA project: xl/vbaProject.bin | 19968 bytes |