7545ce88db3b71ae3a67cea60dc15a4c80e77838c71edcea41b1e2e98d21d2f1

Analysis

max time kernel
291s
max time network
126s
platform
windows7_x64
resource
win7-20231130-en
resource tags

arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
submitted
11-12-2023 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7545ce88db3b71ae3a67cea60dc15a4c80e77838c71edcea41b1e2e98d21d2f1.exe
Size

535KB
MD5

b4d17dedebc41caf284b358027f91627
SHA1

6f37c1e4059eb8393dce770a7a19d80652b0eb57
SHA256

7545ce88db3b71ae3a67cea60dc15a4c80e77838c71edcea41b1e2e98d21d2f1
SHA512

f7a93e423861a72368356c90c5d8b67c1f43419ab97189a2a5ab206be3120a9ab593e2f3a216003cb79245fd330280cc508c94abae25dbeb36bed0086695acc5
SSDEEP

12288:/8jwo+9lRtalnf0s3kIHZ9gRNP9LPViOG:Emjr6l5HMP9LPViOG

Score

10^/10

bootkit persistence

Malware Config

Signatures

Pitou 2 IoCs

Pitou.

resource	yara_rule
behavioral1/memory/2184-4-0x0000000000400000-0x00000000008A9000-memory.dmp	pitou
behavioral1/memory/2184-5-0x0000000000400000-0x00000000008A9000-memory.dmp	pitou

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	7545ce88db3b71ae3a67cea60dc15a4c80e77838c71edcea41b1e2e98d21d2f1.exe

C:\Users\Admin\AppData\Local\Temp\7545ce88db3b71ae3a67cea60dc15a4c80e77838c71edcea41b1e2e98d21d2f1.exe
"C:\Users\Admin\AppData\Local\Temp\7545ce88db3b71ae3a67cea60dc15a4c80e77838c71edcea41b1e2e98d21d2f1.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2184-1-0x0000000000290000-0x0000000000390000-memory.dmp

Filesize
1024KB

Download
memory/2184-2-0x00000000008B0000-0x000000000091B000-memory.dmp

Filesize
428KB

Download
memory/2184-3-0x0000000000400000-0x00000000008A9000-memory.dmp

Filesize
4.7MB

Download
memory/2184-4-0x0000000000400000-0x00000000008A9000-memory.dmp

Filesize
4.7MB

Download
memory/2184-5-0x0000000000400000-0x00000000008A9000-memory.dmp

Filesize
4.7MB

Download
memory/2184-7-0x0000000000290000-0x0000000000390000-memory.dmp

Filesize
1024KB

Download
memory/2184-8-0x00000000008B0000-0x000000000091B000-memory.dmp

Filesize
428KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads