b59d4d38c6c98590709bcb7e4299a4e10306b29d46a56c5e8a6bb274bd4bef31

Submit
Reports

Overview

overview

Static

static

BUG32.exe

windows7-x64

BUG32.exe

windows10-2004-x64

Windows/Bonzify.exe

windows7-x64

Windows/Bonzify.exe

windows10-2004-x64

BossDaMajor.exe

windows7-x64

BossDaMajor.exe

windows10-2004-x64

Happy99.exe

windows7-x64

Happy99.exe

windows10-2004-x64

Magistr.exe

windows7-x64

Magistr.exe

windows10-2004-x64

Maldal.exe

windows7-x64

Maldal.exe

windows10-2004-x64

MeltingScreen.exe

windows7-x64

MeltingScreen.exe

windows10-2004-x64

Windows/Ra...ac.exe

windows7-x64

Windows/Ra...ac.exe

windows10-2004-x64

Windows/Ra...it.exe

windows7-x64

Windows/Ra...it.exe

windows10-2004-x64

Windows/Ra...or.exe

windows7-x64

Windows/Ra...or.exe

windows10-2004-x64

Windows/Ra...on.exe

windows7-x64

Windows/Ra...on.exe

windows10-2004-x64

Windows/Ra...ye.exe

windows7-x64

Windows/Ra...ye.exe

windows10-2004-x64

Windows/Ra...Eye.js

windows7-x64

Windows/Ra...Eye.js

windows10-2004-x64

Windows/Ra...ya.exe

windows7-x64

Windows/Ra...ya.exe

windows10-2004-x64

Windows/Ra...om.exe

windows7-x64

Windows/Ra...om.exe

windows10-2004-x64

Windows/Ra...om.exe

windows7-x64

Windows/Ra...om.exe

windows10-2004-x64

Analysis

max time kernel
111s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 22:32

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx

2 signatures

Behavioral task

behavioral1

Sample

BUG32.exe

Resource

win7-20240221-en

evasion persistence ransomware spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

BUG32.exe

Resource

win10v2004-20240226-en

evasion persistence ransomware spyware stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral3

Sample

Windows/Bonzify.exe

Resource

win7-20240221-en

discovery exploit persistence

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral4

Sample

Windows/Bonzify.exe

Resource

win10v2004-20240226-en

discovery exploit

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral5

Sample

BossDaMajor.exe

Resource

win7-20240221-en

evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral6

Sample

BossDaMajor.exe

Resource

win10v2004-20240226-en

evasion persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral7

Sample

Happy99.exe

Resource

win7-20240215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

Happy99.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral9

Sample

Magistr.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

Magistr.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

Maldal.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral12

Sample

Maldal.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

MeltingScreen.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

MeltingScreen.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Windows/Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe

Resource

win7-20240221-en

evasion persistence ransomware trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral16

Sample

Windows/Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe

Resource

win10v2004-20240226-en

evasion persistence ransomware trojan

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral17

Sample

Windows/Ransomware/BadRabbit Ransomware/BadRabbit.exe

Resource

win7-20240221-en

badrabbit mimikatz ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral18

Sample

Windows/Ransomware/BadRabbit Ransomware/BadRabbit.exe

Resource

win10v2004-20240226-en

badrabbit mimikatz ransomware

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral19

Sample

Windows/Ransomware/Monster Ransomware (second new version)/tunamor.exe

Resource

win7-20240221-en

bootkit persistence

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral20

Sample

Windows/Ransomware/Monster Ransomware (second new version)/tunamor.exe

Resource

win10v2004-20240226-en

bootkit persistence

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

Windows/Ransomware/Monster Ransomware/XMoon.exe

Resource

win7-20240221-en

evasion ransomware trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral22

Sample

Windows/Ransomware/Monster Ransomware/XMoon.exe

Resource

win10v2004-20240226-en

ransomware upx

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral23

Sample

Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe

Resource

win7-20240220-en

metasploit backdoor bootkit persistence trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral24

Sample

Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe

Resource

win10v2004-20240226-en

metasploit backdoor bootkit persistence trojan

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral25

Sample

Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js

Resource

win7-20240221-en

metasploit backdoor bootkit persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral26

Sample

Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js

Resource

win10v2004-20240226-en

metasploit backdoor bootkit persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral27

Sample

Windows/Ransomware/Trojan.Ransom.NotPetya/NotPetya.exe

Resource

win7-20240221-en

mimikatz bootkit persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral28

Sample

Windows/Ransomware/Trojan.Ransom.NotPetya/NotPetya.exe

Resource

win10v2004-20240226-en

mimikatz bootkit persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral29

Sample

Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral32

Sample

Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

Windows/Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.exe
Size

473KB
MD5

f9dc218f57d7ecf5a8664a6561a59a2e
SHA1

f9e15d4799c382a00b17c322826c0fbee7a7014b
SHA256

bb990e2307c5f1143f3b8fabd77e62a2754c25b1de45636b93b6c87d1dc12784
SHA512

00c3e39687bcd9951d63adb521c096120d1c81521bb56615b32c42a0f5126f31fea023a173a95230a0d1e74056cd84baad29ffd7615409ff8b07640c550d955a
SSDEEP

12288:9PaAhutLwUVsvLPcFZXYl0oIZdm9n50DNx:9PjutLRuvLPcX8mC5S

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1516	5080	WerFault.exe	79

Processes

C:\Users\Admin\AppData\Local\Temp\Windows\Ransomware\Trojan.Ransom.PetrWrap\Trojan.Ransom.exe
"C:\Users\Admin\AppData\Local\Temp\Windows\Ransomware\Trojan.Ransom.PetrWrap\Trojan.Ransom.exe"
1⤵
PID:5080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 284
  2⤵
  - Program crash
  PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5080 -ip 5080
1⤵
PID:2956

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads