fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1

Analysis

max time kernel
291s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1.exe
Size

563KB
MD5

f6b03ed8524f3ea2fedb0f2b057d2f33
SHA1

00d634e7a57ac743b4febf5b30dd94e71648df29
SHA256

fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1
SHA512

f3e14fa6ac5e440e8e3e724b84411e8cbc3c404d1a67a115d1c7e6f7016a359bf3f7fee8d67ec0a6ad8e0cd3fe1b65ddfb4d833617d19bb4a1ad50e0dfed26b6
SSDEEP

6144:khP8lpWVMzjdE0fffJjgyGTldq2+xAbbDok/zLzu3/p/ymCh:k8l+MRFgyGnFnDrLiBa

Score

10^/10

bootkit persistence

Malware Config

Signatures

Pitou 4 IoCs

Pitou.

resource	yara_rule
behavioral1/memory/2972-3-0x0000000000400000-0x0000000002B4A000-memory.dmp	pitou
behavioral1/memory/2972-1-0x0000000000400000-0x0000000002B4A000-memory.dmp	pitou
behavioral1/memory/2972-4-0x0000000000400000-0x0000000002B4A000-memory.dmp	pitou
behavioral1/memory/2972-5-0x0000000000400000-0x0000000002B4A000-memory.dmp	pitou

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1.exe

C:\Users\Admin\AppData\Local\Temp\fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1.exe
"C:\Users\Admin\AppData\Local\Temp\fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2972-2-0x0000000000400000-0x0000000002B4A000-memory.dmp

Filesize
39.3MB

Download
memory/2972-3-0x0000000000400000-0x0000000002B4A000-memory.dmp

Filesize
39.3MB

Download
memory/2972-1-0x0000000000400000-0x0000000002B4A000-memory.dmp

Filesize
39.3MB

Download
memory/2972-4-0x0000000000400000-0x0000000002B4A000-memory.dmp

Filesize
39.3MB

Download
memory/2972-5-0x0000000000400000-0x0000000002B4A000-memory.dmp

Filesize
39.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads