Analysis Overview
score
6/10
SHA256
e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509
Threat Level: Shows suspicious behavior
The file Petya.A.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 16:44
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 16:44
Reported
2024-03-02 16:45
Platform
win7-20240221-en
Max time kernel
2s
Max time network
4s
Command Line
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
Network
N/A
Files
memory/2168-0-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2168-1-0x00000000003B0000-0x00000000003C2000-memory.dmp