Overview

overview

10

Static

static

3

Virus/000.exe

windows10-1703-x64

Virus/Bonzify.exe

windows10-1703-x64

8

Virus/MEMZ.bat

windows10-1703-x64

7

Virus/MEMZ.exe

windows10-1703-x64

7

Virus/NoEscape.exe

windows10-1703-x64

Virus/Petya.exe

windows10-1703-x64

6

Virus/Vine...al.exe

windows10-1703-x64

8

Virus/WannaCry.exe

windows10-1703-x64

10

Virus/WinX...p).exe

windows10-1703-x64

10

Resubmissions

22-02-2024 15:00

240222-sdrylsbh25 10

Analysis

  • max time kernel
    2s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22-02-2024 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Virus/Petya.exe

  • Size

    225KB

  • MD5

    af2379cc4d607a45ac44d62135fb7015

  • SHA1

    39b6d40906c7f7f080e6befa93324dddadcbd9fa

  • SHA256

    26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

  • SHA512

    69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

  • SSDEEP

    6144:DCyjXhd1mialK+qoNr8PxtZE6x5v+k6f:rjXhd8ZlKOrMZE6x5b6f

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Virus\Petya.exe
    "C:\Users\Admin\AppData\Local\Temp\Virus\Petya.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    PID:3724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3724-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/3724-1-0x0000000002050000-0x0000000002062000-memory.dmp

    Filesize

    72KB

    Download