43c48eb8294ce65189c6744601cb1435854ec6f0543461011a89844a4a73aced

Analysis

max time kernel
1345s
max time network
1128s
platform
windows10-2004_x64
resource
win10v2004-20240709-uk
resource tags

arch:x64arch:x86image:win10v2004-20240709-uklocale:uk-uaos:windows10-2004-x64systemwindows
submitted
20/07/2024, 11:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PetyaBuilder.exe
Size

1.9MB
MD5

3ab443f6cf4b95b143427929acbfea67
SHA1

c4b9c894489eaf02fad1e4e48d470345661e5c6c
SHA256

43c48eb8294ce65189c6744601cb1435854ec6f0543461011a89844a4a73aced
SHA512

ba6a191a2af3cf5ae520f4e57bcc00a5f37c5e684152e1f14960a8bc80018dd9199c33b182d89a870e03b8dc0c6ac36d1446904bb1be29f0bdaeaa99a899da26
SSDEEP

49152:0dFcxCprxiiYLRuxHpbH9y8rR5YGR4SVC:gOC9wiMiH9y815YG2/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
61	raw.githubusercontent.com
60	raw.githubusercontent.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	772	PetyaBuilder.exe

C:\Users\Admin\AppData\Local\Temp\PetyaBuilder.exe
"C:\Users\Admin\AppData\Local\Temp\PetyaBuilder.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/772-0-0x00007FFE57FE3000-0x00007FFE57FE5000-memory.dmp

Filesize
8KB

Download
memory/772-1-0x0000000000550000-0x0000000000560000-memory.dmp

Filesize
64KB

Download
memory/772-2-0x000000001B160000-0x000000001B532000-memory.dmp

Filesize
3.8MB

Download
memory/772-20-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-28-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-44-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-56-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-58-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-66-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-64-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-62-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-60-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-54-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-52-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-50-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-48-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-46-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-42-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-40-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-38-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-34-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-32-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-36-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-30-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-26-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-24-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-22-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-18-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-16-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-12-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-10-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-6-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-3-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-14-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-8-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-5-0x000000001B160000-0x000000001B52F000-memory.dmp

Filesize
3.8MB

Download
memory/772-31605-0x0000000000B30000-0x0000000000B4A000-memory.dmp

Filesize
104KB

Download
memory/772-31606-0x00007FFE57FE0000-0x00007FFE58AA1000-memory.dmp

Filesize
10.8MB

Download
memory/772-31607-0x000000001B5A0000-0x000000001B5D6000-memory.dmp

Filesize
216KB

Download
memory/772-31608-0x00007FFE57FE0000-0x00007FFE58AA1000-memory.dmp

Filesize
10.8MB

Download
memory/772-31610-0x00007FFE57FE0000-0x00007FFE58AA1000-memory.dmp

Filesize
10.8MB

Download
memory/772-31611-0x00007FFE57FE3000-0x00007FFE57FE5000-memory.dmp

Filesize
8KB

Download
memory/772-31612-0x00007FFE57FE0000-0x00007FFE58AA1000-memory.dmp

Filesize
10.8MB

Download
memory/772-31613-0x00007FFE57FE0000-0x00007FFE58AA1000-memory.dmp

Filesize
10.8MB

Download
memory/772-31614-0x00007FFE57FE0000-0x00007FFE58AA1000-memory.dmp

Filesize
10.8MB

Download