MALICIOUS
Risk Score: 98
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample is identified as a malicious Excel downloader by ClamAV. It contains an external hyperlink disguised as an invoice, which is a common lure for spearphishing attachments. The heuristic 'SE_INVOICE_LURE' further supports this, indicating the document's content is designed to trick users into clicking the link. No scripts were extracted, but the presence of external relationships and hyperlinks suggests the document is designed to download and execute a secondary payload.
Heuristics (5)
- ClamAV: Xls.Downloader.Agent08210-9888570-0 | critical | CLAMAV_DETECTION
  ClamAV detected this file as malware: Xls.Downloader.Agent08210-9888570-0
- External relationship | medium | OOXML_EXTERNAL_REL
  External target in xl/pivotCache/_rels/pivotCacheDefinition1.xml.rels: /Users/goods/Downloads/JMS ENGINEERED PLASTICS INC_SOA_June.xlsx
- External hyperlinks (1) | low | OOXML_EXTERNAL_HYPERLINKS
  Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: https://my.sitejet.io/goto/1983569/be74257b827a141f59c29b47c92f94201bd0058a19d5bab5e6a0376339a2e752/my_website_presentation
- Fake invoice / payment lure | low | SE_INVOICE_LURE
  Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://my.sitejet.io/goto/1983569/be74257b827a141f59c29b47c92f94201bd0058a19d5bab5e6a0376339a2e752/my_website_presentation