Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    290s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04-02-2024 03:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c66ae6e0555a80d1570e7ad84c1ce8c5b78b9ba18848f909b23ed5ed55a4bab1.exe

  • Size

    544KB

  • MD5

    e3e4e58f3ac276228254c448dc3e938f

  • SHA1

    9da07bb0f61a307ed7340065191aec9b9209a999

  • SHA256

    c66ae6e0555a80d1570e7ad84c1ce8c5b78b9ba18848f909b23ed5ed55a4bab1

  • SHA512

    a82f926363b7c0ce698815afa8284160794ba9078d11e145784e4407559e006392ef1123333a5904bd1ef2e4dd2c26dbcc2c2835e21ba73338f879dd361e3942

  • SSDEEP

    12288:nXrAA5ICjMj4Kp14gWq741Jbhntsyk1b7:n7tTjMjjH471BVmb

Score
10/10
bootkitpersistence

Malware Config

Signatures

  • Pitou 2 IoCs

    Pitou.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\c66ae6e0555a80d1570e7ad84c1ce8c5b78b9ba18848f909b23ed5ed55a4bab1.exe
    "C:\Users\Admin\AppData\Local\Temp\c66ae6e0555a80d1570e7ad84c1ce8c5b78b9ba18848f909b23ed5ed55a4bab1.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    PID:660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/660-1-0x00000000009A0000-0x0000000000AA0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/660-2-0x0000000000220000-0x000000000028B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/660-4-0x0000000000400000-0x0000000000811000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/660-3-0x0000000000400000-0x0000000000811000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/660-5-0x0000000000400000-0x0000000000811000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/660-7-0x00000000009A0000-0x0000000000AA0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/660-8-0x0000000000220000-0x000000000028B000-memory.dmp

    Filesize

    428KB

    Download