dd77409058384b6552607a43f48ffd030da816c53fb48b181b2afb8999e6e7ab

Analysis

max time kernel
290s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-03-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd77409058384b6552607a43f48ffd030da816c53fb48b181b2afb8999e6e7ab.exe
Size

530KB
MD5

e71bbd1e66bfd4368cc8cb8fa072b09e
SHA1

eab95b95520fd835504c47638dc28013bc7ee6ae
SHA256

dd77409058384b6552607a43f48ffd030da816c53fb48b181b2afb8999e6e7ab
SHA512

bedcda17679f2281d140d49a6117e5635e09528ee69466dae0bc385c09823ee1400c5e62970907280d650218cef9f586eef2eb688983288a5647669384498825
SSDEEP

12288:TcI2UwP83QXVB7L/gq/aRpt2kOv5rR3uZsRWzudKWuiwAQ:Tiki7L40UIrRMtqKWs

Score

10^/10

bootkit persistence

Malware Config

Signatures

Pitou 3 IoCs

Pitou.

resource	yara_rule
behavioral1/memory/1652-4-0x0000000000400000-0x0000000000589000-memory.dmp	pitou
behavioral1/memory/1652-2-0x0000000000400000-0x0000000000589000-memory.dmp	pitou
behavioral1/memory/1652-5-0x0000000000400000-0x0000000000589000-memory.dmp	pitou

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	dd77409058384b6552607a43f48ffd030da816c53fb48b181b2afb8999e6e7ab.exe

C:\Users\Admin\AppData\Local\Temp\dd77409058384b6552607a43f48ffd030da816c53fb48b181b2afb8999e6e7ab.exe
"C:\Users\Admin\AppData\Local\Temp\dd77409058384b6552607a43f48ffd030da816c53fb48b181b2afb8999e6e7ab.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1652-3-0x0000000000270000-0x00000000002DB000-memory.dmp

Filesize
428KB

Download
memory/1652-4-0x0000000000400000-0x0000000000589000-memory.dmp

Filesize
1.5MB

Download
memory/1652-2-0x0000000000400000-0x0000000000589000-memory.dmp

Filesize
1.5MB

Download
memory/1652-1-0x00000000006E0000-0x00000000007E0000-memory.dmp

Filesize
1024KB

Download
memory/1652-5-0x0000000000400000-0x0000000000589000-memory.dmp

Filesize
1.5MB

Download
memory/1652-7-0x00000000006E0000-0x00000000007E0000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads