MALICIOUS
Risk Score: 68
Heuristics (3)
- MFA / one-time-code harvesting lure | high | SE_MFA_LURE
  Document asks for a one-time code, authenticator approval, or MFA confirmation — consistent with credential phishing kits that steal session tokens or abuse multi-factor authentication
- Embedded OLE object | medium | OOXML_OLE_OBJECT
  Document contains an embedded OLE object
- Fake invoice / payment lure | low | SE_INVOICE_LURE
  Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| ooxml_oleobject_00.bin | ooxml-ole-object | OOXML embedded OLE part: xl/embeddings/Microsoft_Office_Excel_Worksheet1.xlsx | 8886 bytes | 1e20c6ccd549d20ea0ac6826382651c881fb14c89236084a60624d2423873bdc |
| emf_00.emf | ooxml-emf | OOXML EMF part: xl/media/image1.emf | 1438840 bytes | 6c5649bab02ef9a1718ed6eb59b10f1d82335079162c36812292b43b5442cf0b |