7b4d57e9f26d80f5e5de6298d3b1562ef6e5519b25168c40c03e661de11b570c

Analysis

max time kernel
291s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-03-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b4d57e9f26d80f5e5de6298d3b1562ef6e5519b25168c40c03e661de11b570c.exe
Size

533KB
MD5

8bdd69dbbf625cc5b0b0a23808b6d9e3
SHA1

934cef92585f3b4e459a1d2fe8295782ad1234ea
SHA256

7b4d57e9f26d80f5e5de6298d3b1562ef6e5519b25168c40c03e661de11b570c
SHA512

27d77bc98d495ed8b677d8e85f0b34d2bcb24c5e5477853bfb636c2a032e7528c8a5785a396b436b0f448750c8cbe106717868b55267bc3a232058aa25b28aba
SSDEEP

12288:UhIrlMPKOHt9f8QS9jU/PaHaHyUgdxBSMFED4arOUDnD:UhLN9ClUqSqEiEDZO4

Score

10^/10

bootkit persistence

Malware Config

Signatures

Pitou 2 IoCs

Pitou.

resource	yara_rule
behavioral1/memory/2184-4-0x0000000000400000-0x0000000000589000-memory.dmp	pitou
behavioral1/memory/2184-5-0x0000000000400000-0x0000000000589000-memory.dmp	pitou

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	7b4d57e9f26d80f5e5de6298d3b1562ef6e5519b25168c40c03e661de11b570c.exe

C:\Users\Admin\AppData\Local\Temp\7b4d57e9f26d80f5e5de6298d3b1562ef6e5519b25168c40c03e661de11b570c.exe
"C:\Users\Admin\AppData\Local\Temp\7b4d57e9f26d80f5e5de6298d3b1562ef6e5519b25168c40c03e661de11b570c.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2184-1-0x00000000002B0000-0x00000000003B0000-memory.dmp

Filesize
1024KB

Download
memory/2184-2-0x0000000001D60000-0x0000000001DCB000-memory.dmp

Filesize
428KB

Download
memory/2184-3-0x0000000000400000-0x0000000000589000-memory.dmp

Filesize
1.5MB

Download
memory/2184-4-0x0000000000400000-0x0000000000589000-memory.dmp

Filesize
1.5MB

Download
memory/2184-5-0x0000000000400000-0x0000000000589000-memory.dmp

Filesize
1.5MB

Download
memory/2184-6-0x00000000002B0000-0x00000000003B0000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads