Analysis
-
max time kernel
10s -
max time network
4s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
12-06-2024 13:04
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
petya.exe
Resource
win7-20240611-en
2 signatures
150 seconds
General
-
Target
petya.exe
-
Size
788KB
-
MD5
a92f13f3a1b3b39833d3cc336301b713
-
SHA1
d1c62ac62e68875085b62fa651fb17d4d7313887
-
SHA256
4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c
-
SHA512
361a5199b5a6321d88f6e7b66eaad3756b4ea7a706fa9dbbe3ffe29217f673d12dd1200e05f96c2175feffc6fecc7f09fda4dd6bfa0ce7bef3d9372f6a534920
-
SSDEEP
24576:z0wz1d5bAbWhrc56zQ9T4Ole+5PIuklOjB:Hd5Vhr4IMTbeGPJHjB
Score
6/10
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
petya.exedescription ioc process File opened for modification \??\PhysicalDrive0 petya.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
petya.exedescription pid process Token: SeShutdownPrivilege 2240 petya.exe