c8d871db88fe7e80b9463723a2a21354fb9ae09b51b1582c90a67b8c2cd7c082

Analysis

max time kernel
292s
max time network
303s
platform
windows10-1703_x64
resource
win10-20240319-en
resource tags

arch:x64arch:x86image:win10-20240319-enlocale:en-usos:windows10-1703-x64system
submitted
18-04-2024 23:09

Target

c8d871db88fe7e80b9463723a2a21354fb9ae09b51b1582c90a67b8c2cd7c082.exe
Size

567KB
MD5

58c170c5652d7cb0c0e5a942ee4d6cfa
SHA1

d7d81816a10a0036c5cc2df5e78366bcd3c4ddd4
SHA256

c8d871db88fe7e80b9463723a2a21354fb9ae09b51b1582c90a67b8c2cd7c082
SHA512

4d99383dc469001d90e19b7bff7ec87594fe3b0b3684c8e1f3efa982bc111553b8c39a3cff95819314c345f70a961e0a17c00e429f5ecae6fd8e41141bf6440c
SSDEEP

12288:FSL69zs1DwJ2Y+SDBeBUlEUtxrGNZMgOspvLBJRa5c:Fd9zs1DhY+QYuEUmZMULV

Score

10^/10

Pitou 2 IoCs

Pitou.

Processes:

resource	yara_rule
behavioral2/memory/5116-3-0x0000000000400000-0x0000000002C70000-memory.dmp	pitou
behavioral2/memory/5116-5-0x0000000000400000-0x0000000002C70000-memory.dmp	pitou

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

c8d871db88fe7e80b9463723a2a21354fb9ae09b51b1582c90a67b8c2cd7c082.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 c8d871db88fe7e80b9463723a2a21354fb9ae09b51b1582c90a67b8c2cd7c082.exe

description	ioc	process
File opened for modification	\??\PHYSICALDRIVE0	c8d871db88fe7e80b9463723a2a21354fb9ae09b51b1582c90a67b8c2cd7c082.exe

C:\Users\Admin\AppData\Local\Temp\c8d871db88fe7e80b9463723a2a21354fb9ae09b51b1582c90a67b8c2cd7c082.exe
"C:\Users\Admin\AppData\Local\Temp\c8d871db88fe7e80b9463723a2a21354fb9ae09b51b1582c90a67b8c2cd7c082.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:5116

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/5116-1-0x0000000002DB0000-0x0000000002EB0000-memory.dmp

Filesize
1024KB

Download
memory/5116-2-0x0000000002D00000-0x0000000002D6B000-memory.dmp

Filesize
428KB

Download
memory/5116-4-0x0000000000400000-0x0000000002C70000-memory.dmp

Filesize
40.4MB

Download
memory/5116-3-0x0000000000400000-0x0000000002C70000-memory.dmp

Filesize
40.4MB

Download
memory/5116-5-0x0000000000400000-0x0000000002C70000-memory.dmp

Filesize
40.4MB

Download
memory/5116-7-0x0000000002DB0000-0x0000000002EB0000-memory.dmp

Filesize
1024KB

Download
memory/5116-8-0x0000000002D00000-0x0000000002D6B000-memory.dmp

Filesize
428KB

Download