Analysis

  • max time kernel
    2s
  • max time network
    1s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    03-03-2024 12:57

General

  • Target

    malware-samples-master/Ransomware/Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1).exe

  • Size

    788KB

  • MD5

    a92f13f3a1b3b39833d3cc336301b713

  • SHA1

    d1c62ac62e68875085b62fa651fb17d4d7313887

  • SHA256

    4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c

  • SHA512

    361a5199b5a6321d88f6e7b66eaad3756b4ea7a706fa9dbbe3ffe29217f673d12dd1200e05f96c2175feffc6fecc7f09fda4dd6bfa0ce7bef3d9372f6a534920

  • SSDEEP

    24576:z0wz1d5bAbWhrc56zQ9T4Ole+5PIuklOjB:Hd5Vhr4IMTbeGPJHjB

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\malware-samples-master\Ransomware\Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1).exe
    "C:\Users\Admin\AppData\Local\Temp\malware-samples-master\Ransomware\Petya\4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c (1).exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    PID:1288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1288-0-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

  • memory/1288-1-0x0000000000250000-0x0000000000262000-memory.dmp

    Filesize

    72KB