06fbcf3c86794d4832287b441d3c00a0c39ea09d5ba86e7e8cdac3a1ee6fd06d

Analysis

max time kernel
149s
max time network
103s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
31-05-2024 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PetyaDecryptor/id_raw.txt
Size

77B
MD5

670a3371e069a1380ee66e3feef4c9ad
SHA1

25407dad7bca1719f07dfd2322f23f5988722f1a
SHA256

6f50b2efa4ec02ed27d1a5e0a72efd48dbc28f0dcbe729da03072e56022b1b1a
SHA512

2a6e311d1536ac0fb790b5313d9376ea472decd89a9a9c6c5fff7989b164afcc471d0d59670a00182e51f500769b07f7a422a9eea2ddac8aabd132d1df6e66fd

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4608	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 4608	4864	cmd.exe	81
PID 4864 wrote to memory of 4608	4864	cmd.exe	81

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\PetyaDecryptor\id_raw.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\PetyaDecryptor\id_raw.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads