Overview

overview

10

Static

static

10

malware-sa...04.exe

windows7-x64

10

malware-sa...04.exe

windows10-2004-x64

10

malware-sa...nt.doc

windows7-x64

4

malware-sa...nt.doc

windows10-2004-x64

1

malware-sa...oc.xls

windows7-x64

10

malware-sa...oc.xls

windows10-2004-x64

10

malware-sa...l.docm

windows7-x64

10

malware-sa...l.docm

windows10-2004-x64

6

malware-sa...nt.exe

windows7-x64

3

malware-sa...nt.exe

windows10-2004-x64

3

malware-sa...on.exe

windows7-x64

3

malware-sa...on.exe

windows10-2004-x64

3

malware-sa...el.exe

windows7-x64

1

malware-sa...el.exe

windows10-2004-x64

1

malware-sa...ab.exe

windows7-x64

3

malware-sa...ab.exe

windows10-2004-x64

3

malware-sa...nt.exe

windows7-x64

3

malware-sa...nt.exe

windows10-2004-x64

3

malware-sa...nt.exe

windows7-x64

3

malware-sa...nt.exe

windows10-2004-x64

3

malware-sa...FI.exe

windows7-x64

8

malware-sa...FI.exe

windows10-2004-x64

8

malware-sa...nt.exe

windows7-x64

7

malware-sa...nt.exe

windows10-2004-x64

7

malware-sa...LL.dll

windows7-x64

3

malware-sa...LL.dll

windows10-2004-x64

3

malware-sa...ar.bin

macos-10.15-amd64

1

malware-sa...an.exe

windows7-x64

1

malware-sa...an.exe

windows10-2004-x64

1

malware-sa...64.dll

windows7-x64

8

malware-sa...64.dll

windows10-2004-x64

8

malware-sa...28.exe

windows7-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2025, 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    malware-sample-library-master/APT28 FancyBear/APT28Hospital.docm

  • Size

    76KB

  • MD5

    9b10685b774a783eabfecdb6119a8aa3

  • SHA1

    f293a2bfb728060c54efeeb03c5323893b5c80df

  • SHA256

    a4a455db9f297e2b9fe99d63c9d31e827efb2cda65be445625fa64f4fce7f797

  • SHA512

    26a0f0dd37439da543526704b5a689ed9f9317baf357d9a7a4d885855d80b5745a07972da3a1c5b06f39fcbbbff9e94f0729edbdba8963b0dcb8c650addbdc48

  • SSDEEP

    1536:009J0E4v13p/gL7Jj4P9bvzKGXpIiUvh23oKRO/HhcKmFoR:fb4v13pYL7J49bvr5Iias32Jc5FoR

Score
6/10

Malware Config

Signatures

  • Process spawned suspicious child process 1 IoCs

    This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\malware-sample-library-master\APT28 FancyBear\APT28Hospital.docm" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE
      "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 4380
      2⤵
      • Process spawned suspicious child process
      • Suspicious use of WriteProcessMemory
      PID:3132
      • C:\Windows\system32\dwwin.exe
        C:\Windows\system32\dwwin.exe -x -s 4380
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        PID:2240

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/620-14-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-15-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-0-0x00007FFA87210000-0x00007FFA87220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/620-4-0x00007FFA87210000-0x00007FFA87220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/620-3-0x00007FFA87210000-0x00007FFA87220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/620-5-0x00007FFA87210000-0x00007FFA87220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/620-9-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-12-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-11-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-10-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-8-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-7-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-6-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-13-0x00007FFA84A60000-0x00007FFA84A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/620-2-0x00007FFA87210000-0x00007FFA87220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/620-1-0x00007FFAC722D000-0x00007FFAC722E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/620-21-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-19-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-16-0x00007FFA84A60000-0x00007FFA84A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/620-22-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-20-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-18-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-17-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-48-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-50-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-52-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/620-80-0x00007FFAC7190000-0x00007FFAC7385000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3132-79-0x00007FFA87210000-0x00007FFA87220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3132-77-0x00007FFA87210000-0x00007FFA87220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3132-78-0x00007FFA87210000-0x00007FFA87220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3132-76-0x00007FFA87210000-0x00007FFA87220000-memory.dmp

    Filesize

    64KB

    Download