Overview
overview
8Static
static
8APT28/1-IA...d.docx
windows7-x64
4APT28/1-IA...d.docx
windows10-2004-x64
1APT28/2-Ex...ad.ps1
windows7-x64
3APT28/2-Ex...ad.ps1
windows10-2004-x64
3APT28/2-Ex...st.bat
windows7-x64
8APT28/2-Ex...st.bat
windows10-2004-x64
8APT28/2-Ex...ad.vbs
windows7-x64
8APT28/2-Ex...ad.vbs
windows10-2004-x64
8APT28/2-Ex...d.docm
windows7-x64
4APT28/2-Ex...d.docm
windows10-2004-x64
1APT28/2-Ex...nk.exe
windows7-x64
1APT28/2-Ex...nk.exe
windows10-2004-x64
1APT28/2-Ex...rt.lnk
windows7-x64
8APT28/2-Ex...rt.lnk
windows10-2004-x64
8APT28/2-Ex...ip.exe
windows7-x64
1APT28/2-Ex...ip.exe
windows10-2004-x64
3APT28/2-Ex...te.exe
windows7-x64
1APT28/2-Ex...te.exe
windows10-2004-x64
1update.exe
windows7-x64
1update.exe
windows10-2004-x64
1APT28/3-Pe...st.exe
windows7-x64
1APT28/3-Pe...st.exe
windows10-2004-x64
1APT28/3-Pe...st.dll
windows7-x64
1APT28/3-Pe...st.dll
windows10-2004-x64
1APT28/3-Pe...32.dll
windows7-x64
3APT28/3-Pe...32.dll
windows10-2004-x64
3APT28/3-Pe...64.dll
windows7-x64
1APT28/3-Pe...64.dll
windows10-2004-x64
1APT28/4-Pr...to.exe
windows7-x64
1APT28/4-Pr...to.exe
windows10-2004-x64
1APT28/4-Pr...LG.exe
windows7-x64
1APT28/4-Pr...LG.exe
windows10-2004-x64
1Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
19/11/2024, 11:26
Behavioral task
behavioral1
Sample
APT28/1-IA/T1566-phishing/T1566.001 Phishing SpearPhishing Attachment/payload.docx
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
APT28/1-IA/T1566-phishing/T1566.001 Phishing SpearPhishing Attachment/payload.docx
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
APT28/2-Execution/T1059.001-Powershell/payload.ps1
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
APT28/2-Execution/T1059.001-Powershell/payload.ps1
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
APT28/2-Execution/T1059.003-cmd/test.bat
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral6
Sample
APT28/2-Execution/T1059.003-cmd/test.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
APT28/2-Execution/T1059.005-VB/payload.vbs
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral8
Sample
APT28/2-Execution/T1059.005-VB/payload.vbs
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
APT28/2-Execution/T1204.002 Malicious File/payload.docm
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
APT28/2-Execution/T1204.002 Malicious File/payload.docm
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
APT28/2-Execution/lnk/EmbedExeLnk.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
APT28/2-Execution/lnk/EmbedExeLnk.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
APT28/2-Execution/lnk/Report.lnk
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral14
Sample
APT28/2-Execution/lnk/Report.lnk
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
APT28/2-Execution/lnk/gen-embed-zip.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
APT28/2-Execution/lnk/gen-embed-zip.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
APT28/2-Execution/lnk/update.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
APT28/2-Execution/lnk/update.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
update.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
update.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
APT28/3-Persistence/SharPersist.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral22
Sample
APT28/3-Persistence/SharPersist.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/officetest.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral24
Sample
APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/officetest.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/payload32.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral26
Sample
APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/payload32.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/payload64.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/payload64.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
APT28/4-Privilege Escalation/T1134 Access Token MAnipulation/Token improsonation theft/BadPotato.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
APT28/4-Privilege Escalation/T1134 Access Token MAnipulation/Token improsonation theft/BadPotato.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
APT28/4-Privilege Escalation/T1134 Access Token MAnipulation/Token improsonation theft/NSudoLG.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral32
Sample
APT28/4-Privilege Escalation/T1134 Access Token MAnipulation/Token improsonation theft/NSudoLG.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
APT28/2-Execution/lnk/gen-embed-zip.exe
-
Size
122KB
-
MD5
69d4fd4accdf9a996da5ca9a3d1a4e7b
-
SHA1
3679258fbf25402bd585af5231425e2f26ddf91c
-
SHA256
6dfdc744553d263d5ed5f5404f98774532a2a2b6b7b98141d39c9996ea06f0bb
-
SHA512
cd317c313b52fc057951171fb41445ffaefd82e5c1a1902e8083f3ab764dd3916647984d11212331d03cdcfd944b3b94ffbda26877b1c519f18099558cd20be4
-
SSDEEP
3072:QD738JQxbOF2cCdVKA8YaPAj9PbgBLpnYhNoXBuYrF:Qf8RF2fSY3vSrF