Analysis

  • max time kernel
    2s
  • platform
    windows10-1703_x64
  • resource
    win10-20240214-en
  • resource tags

    arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17-02-2024 15:18

General

  • Target

    malware-samples-master/Ransomware/Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1).exe

  • Size

    788KB

  • MD5

    a92f13f3a1b3b39833d3cc336301b713

  • SHA1

    d1c62ac62e68875085b62fa651fb17d4d7313887

  • SHA256

    4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c

  • SHA512

    361a5199b5a6321d88f6e7b66eaad3756b4ea7a706fa9dbbe3ffe29217f673d12dd1200e05f96c2175feffc6fecc7f09fda4dd6bfa0ce7bef3d9372f6a534920

  • SSDEEP

    24576:z0wz1d5bAbWhrc56zQ9T4Ole+5PIuklOjB:Hd5Vhr4IMTbeGPJHjB

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\malware-samples-master\Ransomware\Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1).exe
    "C:\Users\Admin\AppData\Local\Temp\malware-samples-master\Ransomware\Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1).exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    PID:5088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5088-0-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

  • memory/5088-1-0x0000000000650000-0x0000000000662000-memory.dmp

    Filesize

    72KB