diff --git a/src/runtime/pkg/katautils/create.go b/src/runtime/pkg/katautils/create.go
index ffcaa07154..d2c9c69cfb 100644
--- a/src/runtime/pkg/katautils/create.go
+++ b/src/runtime/pkg/katautils/create.go
@@ -162,6 +162,21 @@ func CreateSandbox(ctx context.Context, vci vc.VC, ociSpec specs.Spec, runtimeCo
 	ociSpec.Annotations["nerdctl/network-namespace"] = sandboxConfig.NetworkConfig.NetworkID
 	sandboxConfig.Annotations["nerdctl/network-namespace"] = ociSpec.Annotations["nerdctl/network-namespace"]
 
+	sandbox, err := vci.CreateSandbox(ctx, sandboxConfig)
+	if err != nil {
+		return nil, vc.Process{}, err
+	}
+
+	hid, err := sandbox.GetHypervisorPid()
+	if err != nil {
+		return nil, vc.Process{}, err
+	}
+	ctx = context.WithValue(ctx, "hypervisor-pid", hid)
+
+	sid := sandbox.ID()
+	kataUtilsLogger = kataUtilsLogger.WithField("sandbox", sid)
+	katatrace.AddTags(span, "sandbox_id", sid)
+
 	// Run pre-start OCI hooks, in the runtime namespace.
 	if err := PreStartHooks(ctx, ociSpec, containerID, bundlePath); err != nil {
 		return nil, vc.Process{}, err
@@ -172,15 +187,6 @@ func CreateSandbox(ctx context.Context, vci vc.VC, ociSpec specs.Spec, runtimeCo
 		return nil, vc.Process{}, err
 	}
 
-	sandbox, err := vci.CreateSandbox(ctx, sandboxConfig)
-	if err != nil {
-		return nil, vc.Process{}, err
-	}
-
-	sid := sandbox.ID()
-	kataUtilsLogger = kataUtilsLogger.WithField("sandbox", sid)
-	katatrace.AddTags(span, "sandbox_id", sid)
-
 	containers := sandbox.GetAllContainers()
 	if len(containers) != 1 {
 		return nil, vc.Process{}, fmt.Errorf("BUG: Container list from sandbox is wrong, expecting only one container, found %d containers", len(containers))
@@ -255,6 +261,12 @@ func CreateContainer(ctx context.Context, sandbox vc.VCSandbox, ociSpec specs.Sp
 		return vc.Process{}, err
 	}
 
+	hid, err := sandbox.GetHypervisorPid()
+	if err != nil {
+		return vc.Process{}, err
+	}
+	ctx = context.WithValue(ctx, HypervisorPidKey{}, hid)
+
 	// Run pre-start OCI hooks.
 	err = EnterNetNS(sandbox.GetNetNs(), func() error {
 		return PreStartHooks(ctx, ociSpec, containerID, bundlePath)
diff --git a/src/runtime/pkg/katautils/hook.go b/src/runtime/pkg/katautils/hook.go
index 50ac95cb85..02a4f75973 100644
--- a/src/runtime/pkg/katautils/hook.go
+++ b/src/runtime/pkg/katautils/hook.go
@@ -28,6 +28,8 @@ var hookTracingTags = map[string]string{
 	"subsystem": "hook",
 }
 
+type HypervisorPidKey struct{}
+
 // Logger returns a logrus logger appropriate for logging hook messages
 func hookLogger() *logrus.Entry {
 	return kataUtilsLogger.WithField("subsystem", "hook")
@@ -38,8 +40,16 @@ func runHook(ctx context.Context, spec specs.Spec, hook specs.Hook, cid, bundleP
 	defer span.End()
 	katatrace.AddTags(span, "path", hook.Path, "args", hook.Args)
 
+	pid, ok := ctx.Value(HypervisorPidKey{}).(int)
+	if !ok || pid == 0 {
+		hookLogger().Info("no hypervisor pid")
+
+		pid = syscallWrapper.Gettid()
+	}
+	hookLogger().Infof("hypervisor pid %v", pid)
+
 	state := specs.State{
-		Pid:         syscallWrapper.Gettid(),
+		Pid:         pid,
 		Bundle:      bundlePath,
 		ID:          cid,
 		Annotations: spec.Annotations,