Analysis

  • max time kernel
    4s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    30-07-2021 07:53

General

  • Target

    2222-main/petya.exe

  • Size

    225KB

  • MD5

    af2379cc4d607a45ac44d62135fb7015

  • SHA1

    39b6d40906c7f7f080e6befa93324dddadcbd9fa

  • SHA256

    26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

  • SHA512

    69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2222-main\petya.exe
    "C:\Users\Admin\AppData\Local\Temp\2222-main\petya.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    PID:1724

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1724-60-0x00000000769B1000-0x00000000769B3000-memory.dmp

    Filesize

    8KB

  • memory/1724-61-0x0000000000230000-0x0000000000242000-memory.dmp

    Filesize

    72KB