d9e24d334fecee03e1da9c981510cfad9f144c62088a6321b557619f7d5dfc18

General

Target

IBAN for SWIFT.rtf
Size

725KB
MD5

fe46a6ba34a922c039c28678872177b4
SHA1

29c4422252ae39409c4396a38ce2203e7cb060db
SHA256

d9e24d334fecee03e1da9c981510cfad9f144c62088a6321b557619f7d5dfc18
SHA512

3ea5e8038015cae338054624a43f9ef5b9d2101a1d85356cde7d0ef0d18b18a6166fb2292593c0505fd89b81c45dbfb7d44c8117cbe5c46d9ec5ddfa3e4f9496
SSDEEP

6144:OwAYwAYwAXf6F0DeapmgknQbW9aoMaQRH3yCd3Lqc:6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4352	WINWORD.EXE
4352	WINWORD.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4352	WINWORD.EXE
4352	WINWORD.EXE
4352	WINWORD.EXE
4352	WINWORD.EXE
4352	WINWORD.EXE
4352	WINWORD.EXE
4352	WINWORD.EXE
4352	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\IBAN for SWIFT.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4340,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:8
1⤵
PID:1004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCDAE28.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
6a87af74de6f4b420d15cfee084158a7

SHA1
4a43ab16d6e2321465ad1f9bf429d57016ade35a

SHA256
86f2d5561e867db13d8112fa173eccedcb03eb5b2f9bd353b092ebde5327a35d

SHA512
33fe7cf4ec2cdbe36cd62704c84a4fe63a78927963cc283abe68081a277eea16ccc4ce66555496a562ab2db313258d8a35796e69c732832ab0b523b2c92fcb70

Download Submit
memory/4352-13-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-8-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-12-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-5-0x00007FF8161F0000-0x00007FF816200000-memory.dmp

Filesize
64KB

Download
memory/4352-18-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-9-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-7-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-10-0x00007FF815870000-0x00007FF815880000-memory.dmp

Filesize
64KB

Download
memory/4352-11-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-15-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-16-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-19-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-14-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-0-0x00007FF8161F0000-0x00007FF816200000-memory.dmp

Filesize
64KB

Download
memory/4352-6-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-2-0x00007FF8161F0000-0x00007FF816200000-memory.dmp

Filesize
64KB

Download
memory/4352-17-0x00007FF815870000-0x00007FF815880000-memory.dmp

Filesize
64KB

Download
memory/4352-3-0x00007FF8161F0000-0x00007FF816200000-memory.dmp

Filesize
64KB

Download
memory/4352-37-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-38-0x00007FF85620D000-0x00007FF85620E000-memory.dmp

Filesize
4KB

Download
memory/4352-39-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-40-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download
memory/4352-4-0x00007FF8161F0000-0x00007FF816200000-memory.dmp

Filesize
64KB

Download
memory/4352-1-0x00007FF85620D000-0x00007FF85620E000-memory.dmp

Filesize
4KB

Download
memory/4352-549-0x00007FF8161F0000-0x00007FF816200000-memory.dmp

Filesize
64KB

Download
memory/4352-550-0x00007FF8161F0000-0x00007FF816200000-memory.dmp

Filesize
64KB

Download
memory/4352-552-0x00007FF8161F0000-0x00007FF816200000-memory.dmp

Filesize
64KB

Download
memory/4352-551-0x00007FF8161F0000-0x00007FF816200000-memory.dmp

Filesize
64KB

Download
memory/4352-553-0x00007FF856170000-0x00007FF856365000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads