Analysis

  • max time kernel
    122s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    21-10-2021 18:00

General

  • Target

    Romai Sports LLC Presentation 1.xlsx

  • Size

    369KB

  • MD5

    f7f005fadf80e48c5deda7686b478da1

  • SHA1

    67f72bcc1f885d3e6ca81b2297ec1fd9c5924fb9

  • SHA256

    4015c5ebb42790e7499366372aa4dbaac51dfc6ab790f7687b10311a08ce1f57

  • SHA512

    cbddcf8cca06d3079dcc82994b33d0f6fe08a6257862ca360226561d1013af06e290fb239f2f29e4d60eaabc57b6d3bc963b948f61b1567a76001be27b42eb7a

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Romai Sports LLC Presentation 1.xlsx"
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1996

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    • Query Registry (T1012), 2 hits
    • System Information Discovery (T1082), 2 hits

Downloads

  • memory/1996-115-0x00007FFBD6230000-0x00007FFBD6240000-memory.dmp (Filesize: 64KB)
  • memory/1996-116-0x00007FFBD6230000-0x00007FFBD6240000-memory.dmp (Filesize: 64KB)
  • memory/1996-117-0x00007FFBD6230000-0x00007FFBD6240000-memory.dmp (Filesize: 64KB)
  • memory/1996-118-0x00007FFBD6230000-0x00007FFBD6240000-memory.dmp (Filesize: 64KB)
  • memory/1996-119-0x000002A406070000-0x000002A406072000-memory.dmp (Filesize: 8KB)
  • memory/1996-120-0x000002A406070000-0x000002A406072000-memory.dmp (Filesize: 8KB)
  • memory/1996-121-0x000002A406070000-0x000002A406072000-memory.dmp (Filesize: 8KB)
  • memory/1996-127-0x00007FFBD3420000-0x00007FFBD3430000-memory.dmp (Filesize: 64KB)
  • memory/1996-128-0x00007FFBD6230000-0x00007FFBD6240000-memory.dmp (Filesize: 64KB)
  • memory/1996-129-0x00007FFBD3420000-0x00007FFBD3430000-memory.dmp (Filesize: 64KB)