Analysis

  • max time kernel
    291s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/05/2024, 00:15

General

  • Target

    fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1.exe

  • Size

    563KB

  • MD5

    f6b03ed8524f3ea2fedb0f2b057d2f33

  • SHA1

    00d634e7a57ac743b4febf5b30dd94e71648df29

  • SHA256

    fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1

  • SHA512

    f3e14fa6ac5e440e8e3e724b84411e8cbc3c404d1a67a115d1c7e6f7016a359bf3f7fee8d67ec0a6ad8e0cd3fe1b65ddfb4d833617d19bb4a1ad50e0dfed26b6

  • SSDEEP

    6144:khP8lpWVMzjdE0fffJjgyGTldq2+xAbbDok/zLzu3/p/ymCh:k8l+MRFgyGnFnDrLiBa

Score
10/10

Malware Config

Signatures

  • Pitou (2 IoCs)

    Pitou.

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR so that their code runs before the operating system loads, giving them persistence at a level below the operating system.
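The MBR write is the one finding in this report that a responder would want to confirm on the disk itself rather than take from the sandbox. The block below is an added example in Python, not part of this report and not any sandbox's detection logic: it parses a 512-byte MBR, checks the 0x55AA boot signature, hashes the bootstrap-code region and the partition table separately, and diffs both against a baseline sector taken before infection. The device path `\\.\PhysicalDrive0` in `read_mbr` is an assumption (reading it needs an elevated prompt on Windows; on Linux it would be `/dev/sda`), and the two MBR images are constructed inside the block, not captured from this sample.

```python
"""Baseline-and-compare check for MBR tampering (added example, not the report's code)."""
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_LEN = 446          # bytes 0..445: boot code, the region a bootkit overwrites
PARTITION_TABLE_OFF = 446    # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa" # bytes 510..511, must survive any patch or the disk won't boot


def parse_partition_entry(entry: bytes) -> dict:
    # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4 LE) sector-count(4 LE)
    status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(mbr: bytes) -> dict:
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    table = mbr[PARTITION_TABLE_OFF:PARTITION_TABLE_OFF + 64]
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        # hashed separately: a bootkit changes the code but usually leaves the table alone
        "bootstrap_sha256": hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest(),
        "table_sha256": hashlib.sha256(table).hexdigest(),
        "partitions": [parse_partition_entry(table[i:i + 16])
                       for i in range(0, 64, 16) if table[i + 4] != 0],  # skip empty (type 0) slots
    }


def compare_to_baseline(current: bytes, baseline: bytes) -> list:
    """Return a list of human-readable findings; an empty list means no change."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 55AA missing")
    if cur["bootstrap_sha256"] != base["bootstrap_sha256"]:
        findings.append("bootstrap code modified")
    if cur["table_sha256"] != base["table_sha256"]:
        findings.append("partition table modified")
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    # Assumed device path; requires administrator rights on Windows.
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed test sector: one bootable NTFS-type partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48
    code = bootstrap.ljust(BOOTSTRAP_LEN, b"\x00")[:BOOTSTRAP_LEN]
    return code + table + BOOT_SIGNATURE


# Constructed samples, not bytes recovered from the analysed executable.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")      # xor ax,ax / mov ss,ax / mov sp,7C00h
PATCHED_MBR = build_sample_mbr(b"\xeb\x3c\x90" + b"\x00" * 4)      # bootstrap redirected, table and signature intact

if __name__ == "__main__":
    print("clean vs baseline  :", compare_to_baseline(CLEAN_MBR, CLEAN_MBR))
    print("patched vs baseline:", compare_to_baseline(PATCHED_MBR, CLEAN_MBR))
```

Keep the baseline sector from a known-good image of the host; a bootkit that rewrites sector 0 typically preserves the partition table and the 55AA signature (the machine must still boot), so a check that only validates the signature or only compares the table will miss exactly this case.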

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1.exe
    "C:\Users\Admin\AppData\Local\Temp\fcbfa975c6eea4c760953d6c55a34fd2862383ced56fbed75195ac0a9347bca1.exe"
    PID: 2844
    • Writes to the Master Boot Record (MBR)

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2844-2-0x0000000000220000-0x000000000028B000-memory.dmp
    Filesize: 428KB

  • memory/2844-3-0x0000000000400000-0x000000000046F000-memory.dmp
    Filesize: 444KB

  • memory/2844-1-0x0000000002C80000-0x0000000002D80000-memory.dmp
    Filesize: 1024KB

  • memory/2844-4-0x0000000000400000-0x0000000002B4A000-memory.dmp
    Filesize: 39.3MB

  • memory/2844-5-0x0000000000400000-0x0000000002B4A000-memory.dmp
    Filesize: 39.3MB

  • memory/2844-7-0x0000000002C80000-0x0000000002D80000-memory.dmp
    Filesize: 1024KB

  • memory/2844-8-0x0000000000400000-0x000000000046F000-memory.dmp
    Filesize: 444KB
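The dump names above encode PID, capture sequence number and the virtual address range of each region, and the same range shows up more than once because the sandbox re-captured it at later points in the run. The block below is an added example in Python, not tooling from the report: it parses that naming convention, recomputes each file size from the address range (so the listed sizes can be checked), collapses repeat captures of the same region, and flags distinct regions that overlap. The only input is the seven names copied from the listing; the `human_size` rendering (KB up to 1024KB, MB with one decimal beyond) is my approximation of how the report displays sizes.

```python
"""Parse sandbox memory-dump names and sanity-check the regions (added example)."""
import re

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# Copied from the Downloads listing above; nothing else is assumed about the run.
LISTING = [
    "memory/2844-2-0x0000000000220000-0x000000000028B000-memory.dmp",
    "memory/2844-3-0x0000000000400000-0x000000000046F000-memory.dmp",
    "memory/2844-1-0x0000000002C80000-0x0000000002D80000-memory.dmp",
    "memory/2844-4-0x0000000000400000-0x0000000002B4A000-memory.dmp",
    "memory/2844-5-0x0000000000400000-0x0000000002B4A000-memory.dmp",
    "memory/2844-7-0x0000000002C80000-0x0000000002D80000-memory.dmp",
    "memory/2844-8-0x0000000000400000-0x000000000046F000-memory.dmp",
]


def parse_dump_name(name: str) -> dict:
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n: int) -> str:
    # Approximates the report's rendering: whole KB up to and including 1024KB, then MB to one decimal.
    return f"{n / 1048576:.1f}MB" if n > 1048576 else f"{n // 1024}KB"


def distinct_regions(names) -> dict:
    """Map (pid, start, end) -> list of capture sequence numbers for that same region."""
    seen = {}
    for d in map(parse_dump_name, names):
        seen.setdefault((d["pid"], d["start"], d["end"]), []).append(d["seq"])
    return seen


def overlapping_regions(names) -> list:
    """Pairs of distinct regions in the same process whose address ranges intersect."""
    regs = sorted(distinct_regions(names))
    pairs = []
    for i, a in enumerate(regs):
        for b in regs[i + 1:]:
            same_pid = a[0] == b[0]
            if same_pid and a[1] < b[2] and b[1] < a[2]:
                pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    for name in LISTING:
        d = parse_dump_name(name)
        print(f"seq {d['seq']}: 0x{d['start']:08X}-0x{d['end']:08X}  {human_size(d['size'])}")
    for (pid, s1, e1), (_, s2, e2) in overlapping_regions(LISTING):
        print(f"pid {pid}: 0x{s1:X}-0x{e1:X} overlaps 0x{s2:X}-0x{e2:X}")
```

Running it reproduces the listed sizes and reports one overlap: the 444KB region at the image base 0x400000 and the 39.3MB region that starts at the same base. That is the kind of anomaly worth pulling the dumps for, since the larger capture covers far more than the on-disk image's mapped range.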