Managed XDR

attachment.xls (ZLoader) — malware analysis report

File info

Filename: attachment.xls
File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1253, Author: Panagiotis Fassilis, Last Saved By: Panagiotis Fassilis, Name of Creating Application: Microsoft Excel, Last Printed: Tue May 13 06:52:34 2014, Create Time/Date: Thu Jan 29 09:23:45 1998, Last Saved Time/Date: Wed May 29 07:37:44 2019, Security: 0
File size: 178 KB
First seen: 2025-11-05 14:37
Last seen: 2025-11-05 14:37

w10/x86 en

T1064 office_macros_hidden: Document contains suspicious Excel 4.0 macro

T1204.002 office_vb_load: Microsoft Office is loading VB DLL files (macros usage indicator)

T1204.002 office_com_load: Microsoft Office loads COM DLL files (indicator of COM usage in macros)

T1064 office_macros: The document contains macroses (total: 2)

T1064 office_macros_autoexec: The document contains an auto-start macro

T1064 office_macros_hidden: Document contains suspicious Excel 4.0 macro

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

T1064 office_macros: The document contains macroses (total: 2)

T1064 office_macros_autoexec: The document contains an auto-start macro

T1555.003 cookie_files: Accesses cookie files

T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

T1552 cookie_files: Accesses cookie files

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

T1083 checks_recent_files: Attempt to check recently opened files through registry

yara_rules: Static rules

office_summary: The document contains suspicious metadata

test_check_service: Starts services

writes_data: Writes big amount of data to disk

Managed XDR