29c4f651a83f39322d30c94228d89d67557bae5993c9dc34699089e0c6b0c2d5

Analysis

max time kernel
290s
max time network
256s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/05/2024, 22:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

29c4f651a83f39322d30c94228d89d67557bae5993c9dc34699089e0c6b0c2d5.exe
Size

1.1MB
MD5

2f7dde1f61f7e80d4f5973406a4f2cdc
SHA1

a28fab1faf493ebf4dc4c85fe91c7c6e82255fcc
SHA256

29c4f651a83f39322d30c94228d89d67557bae5993c9dc34699089e0c6b0c2d5
SHA512

8d7c8994520a54ce7608cce08628da8f5beedada25e10c7ce486d8aa49a4cd9ffe398c882872050b8e7d7882fb717fe23fe1efa7fc104e73672e5067e8c21ec2
SSDEEP

24576:nPeGXYP3lOi7b6mdJfCZIF4AbX5CN/aXfWWCGCPN:nPd8V8ymUX50Wed

Score

10^/10

bootkit persistence

Malware Config

Signatures

Pitou 2 IoCs

Pitou.

resource	yara_rule
behavioral2/memory/908-3-0x0000000000400000-0x0000000000518000-memory.dmp	pitou
behavioral2/memory/908-4-0x0000000000400000-0x0000000000518000-memory.dmp	pitou

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	29c4f651a83f39322d30c94228d89d67557bae5993c9dc34699089e0c6b0c2d5.exe

C:\Users\Admin\AppData\Local\Temp\29c4f651a83f39322d30c94228d89d67557bae5993c9dc34699089e0c6b0c2d5.exe
"C:\Users\Admin\AppData\Local\Temp\29c4f651a83f39322d30c94228d89d67557bae5993c9dc34699089e0c6b0c2d5.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/908-0-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/908-1-0x0000000002790000-0x0000000002808000-memory.dmp

Filesize
480KB

Download
memory/908-2-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/908-3-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/908-4-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/908-5-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/908-7-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads