ed6a6e1bfacaa0d18f44616342463cc6702a80d24ea1b7750f0b4305dade2673

Submit
Reports

Overview

overview

Static

static

APT28/1-IA...d.docx

windows7-x64

APT28/1-IA...d.docx

windows10-2004-x64

APT28/2-Ex...ad.ps1

windows7-x64

APT28/2-Ex...ad.ps1

windows10-2004-x64

APT28/2-Ex...st.bat

windows7-x64

APT28/2-Ex...st.bat

windows10-2004-x64

APT28/2-Ex...ad.vbs

windows7-x64

APT28/2-Ex...ad.vbs

windows10-2004-x64

APT28/2-Ex...d.docm

windows7-x64

APT28/2-Ex...d.docm

windows10-2004-x64

APT28/2-Ex...nk.exe

windows7-x64

APT28/2-Ex...nk.exe

windows10-2004-x64

APT28/2-Ex...rt.lnk

windows7-x64

APT28/2-Ex...rt.lnk

windows10-2004-x64

APT28/2-Ex...ip.exe

windows7-x64

APT28/2-Ex...ip.exe

windows10-2004-x64

APT28/2-Ex...te.exe

windows7-x64

APT28/2-Ex...te.exe

windows10-2004-x64

update.exe

windows7-x64

update.exe

windows10-2004-x64

APT28/3-Pe...st.exe

windows7-x64

APT28/3-Pe...st.exe

windows10-2004-x64

APT28/3-Pe...st.dll

windows7-x64

APT28/3-Pe...st.dll

windows10-2004-x64

APT28/3-Pe...32.dll

windows7-x64

APT28/3-Pe...32.dll

windows10-2004-x64

APT28/3-Pe...64.dll

windows7-x64

APT28/3-Pe...64.dll

windows10-2004-x64

APT28/4-Pr...to.exe

windows7-x64

APT28/4-Pr...to.exe

windows10-2004-x64

APT28/4-Pr...LG.exe

windows7-x64

APT28/4-Pr...LG.exe

windows10-2004-x64

Analysis

max time kernel
94s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 11:26

Sharing

Copy URL

Twitter E-mail

Static task

static1

macro

2 signatures

Behavioral task

behavioral1

Sample

APT28/1-IA/T1566-phishing/T1566.001 Phishing SpearPhishing Attachment/payload.docx

Resource

win7-20241010-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

APT28/1-IA/T1566-phishing/T1566.001 Phishing SpearPhishing Attachment/payload.docx

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

APT28/2-Execution/T1059.001-Powershell/payload.ps1

Resource

win7-20240903-en

execution

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

APT28/2-Execution/T1059.001-Powershell/payload.ps1

Resource

win10v2004-20241007-en

execution

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral5

Sample

APT28/2-Execution/T1059.003-cmd/test.bat

Resource

win7-20241010-en

dropper

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

APT28/2-Execution/T1059.003-cmd/test.bat

Resource

win10v2004-20241007-en

dropper

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

APT28/2-Execution/T1059.005-VB/payload.vbs

Resource

win7-20241023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

APT28/2-Execution/T1059.005-VB/payload.vbs

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral9

Sample

APT28/2-Execution/T1204.002 Malicious File/payload.docm

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral10

Sample

APT28/2-Execution/T1204.002 Malicious File/payload.docm

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral11

Sample

APT28/2-Execution/lnk/EmbedExeLnk.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

APT28/2-Execution/lnk/EmbedExeLnk.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

APT28/2-Execution/lnk/Report.lnk

Resource

win7-20240729-en

defense_evasion execution

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral14

Sample

APT28/2-Execution/lnk/Report.lnk

Resource

win10v2004-20241007-en

defense_evasion execution

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral15

Sample

APT28/2-Execution/lnk/gen-embed-zip.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

APT28/2-Execution/lnk/gen-embed-zip.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

APT28/2-Execution/lnk/update.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

APT28/2-Execution/lnk/update.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

update.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

update.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

APT28/3-Persistence/SharPersist.exe

Resource

win7-20241023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

APT28/3-Persistence/SharPersist.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/officetest.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/officetest.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/payload32.dll

Resource

win7-20241010-en

discovery

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/payload32.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/payload64.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/payload64.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

APT28/4-Privilege Escalation/T1134 Access Token MAnipulation/Token improsonation theft/BadPotato.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

APT28/4-Privilege Escalation/T1134 Access Token MAnipulation/Token improsonation theft/BadPotato.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

APT28/4-Privilege Escalation/T1134 Access Token MAnipulation/Token improsonation theft/NSudoLG.exe

Resource

win7-20241023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral32

Sample

APT28/4-Privilege Escalation/T1134 Access Token MAnipulation/Token improsonation theft/NSudoLG.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

APT28/3-Persistence/T1137 Office Application Startup/Office Test T1137.002/payload64.dll
Size

320KB
MD5

88685ceb4e3b78169a3c8f8b18d98f2a
SHA1

d032130eabd32717f279cc665424a8a01f391254
SHA256

82bfcdb70be97eabfe30ffcbe53b0b3cbafb352698f4a7cd590223f32aa10aec
SHA512

b8ea0da878172b533aa90299cc148c08168bfb99aa745fb4e4a640e868475c5eb5e8dcf7ee292ab4443f878e45fbe56bf1782f2878f145cd29f77c2b77e56570
SSDEEP

6144:SH/kuGbBPEVUYnTmm+NEGmvMkDEk140jE+8sS7JOx677aJnOsMFCF:SMNq/hGBkQk1QbuJnO3

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\APT28\3-Persistence\T1137 Office Application Startup\Office Test T1137.002\payload64.dll"
1⤵
PID:4956

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads