2eaccf2ffad0c83282b940b5ed1e65f38acacc9e002b48e3bf4f852e1097232a

Analysis

max time kernel
0s
max time network
3s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-03-2024 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ransomwares/FakePetya/FakePetya.exe
Size

55KB
MD5

c01399c30e8744681251164fae8dca01
SHA1

46e215f2b1b3ab8b56d5a010b32e0da80b356d2f
SHA256

4146805a52db2d4fdb1183bb45f0cd4d90cf184cbd0d5ec2cf370e2fa2813cd7
SHA512

cc9e3e23dbe4ae9a2828c12de0fb0a593c5f7a4cd31ba7cc7457d3b3eee04931542b0dc925adc9960ea1051915dcc349460e262ca8770ba99b4c50e9804c1b08
SSDEEP

768:ZI3niJqlQTwuJVu8CX729+Nl/ObYxDlj6rJADzA4zt+jsIu8x:S3iJqlQj1K9NDDl2g8jsIfx

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

FakePetya.exe

description ioc process

File opened for modification \??\PhysicalDrive0 FakePetya.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	FakePetya.exe

C:\Users\Admin\AppData\Local\Temp\ransomwares\FakePetya\FakePetya.exe
"C:\Users\Admin\AppData\Local\Temp\ransomwares\FakePetya\FakePetya.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2012

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads