37b9722dbf8684aadf2d6017942eae875a63bc668bb830c9ff063522bddbb8e5

Analysis

max time kernel
93s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 07:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Manual Autopiano.exe
Size

6.7MB
MD5

ec83198059ded0292b82ae9e7b0ad668
SHA1

51a91ca65f8e30179939f2649aef3b6d84092d0a
SHA256

37b9722dbf8684aadf2d6017942eae875a63bc668bb830c9ff063522bddbb8e5
SHA512

f9ae34335ec3a734eba3f5ff4ad3116d70b25f6b6308f51546ff09217db0314752b59e27fc027a0d60391bc695851e7885f4d1eaf6fa05b24061a67eaa2ec3d6
SSDEEP

196608:yrGx7QICteEroXxWVfEqlbkkwR7VTEJ433S6X66Hk:5QInEroXgfEqirRRoJ433S6K6E

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
4092	Manual Autopiano.exe
4092	Manual Autopiano.exe
4092	Manual Autopiano.exe
4092	Manual Autopiano.exe
4092	Manual Autopiano.exe
4092	Manual Autopiano.exe
4092	Manual Autopiano.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 4092	5084	Manual Autopiano.exe	85
PID 5084 wrote to memory of 4092	5084	Manual Autopiano.exe	85
PID 4092 wrote to memory of 860	4092	Manual Autopiano.exe	86
PID 4092 wrote to memory of 860	4092	Manual Autopiano.exe	86

C:\Users\Admin\AppData\Local\Temp\Manual Autopiano.exe
"C:\Users\Admin\AppData\Local\Temp\Manual Autopiano.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Users\Admin\AppData\Local\Temp\Manual Autopiano.exe
  "C:\Users\Admin\AppData\Local\Temp\Manual Autopiano.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI50842\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_ctypes.pyd

Filesize
123KB

MD5
7ab242d7c026dad5e5837b4579bd4eda

SHA1
b3ff01b8b3da2b3a9c37bfffafc4fb9ee957cc0f

SHA256
1548506345d220d68e9089b9a68b42a9d796141eb6236e600283951cb206eaa1

SHA512
1dd09cf14c87f60b42e5e56d0104154513902c9bfa23eef76a92f4a96c2356b2812dd6eee5e9a74d5ed078ade5f8f6d1f1b01961d7efadfebb543d71c2d31a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_queue.pyd

Filesize
28KB

MD5
e64538868d97697d62862b52df32d81b

SHA1
2279c5430032ad75338bab3aa28eb554ecd4cd45

SHA256
b0bd6330c525b4c64d036d29a3733582928e089d99909500e8564ae139459c5f

SHA512
8544f5df6d621a5ff2ca26da65b49f57e19c60b4177a678a00a5feb130bf0902f780b707845b5a4dd9f12ddb673b462f77190e71cbe358db385941f0f38e4996

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50842\_socket.pyd

Filesize
78KB

MD5
4b2f1faab9e55a65afa05f407c92cab4

SHA1
1e5091b09fc0305cf29ec2e715088e7f46ccbbd4

SHA256
241db349093604ab25405402ba8c4212016657c7e6a10edd3110abeb1cc2e1ba

SHA512
68070db39cd14841bcd49db1acf19806b0aa4b4ac4c56518b3a3baddaac1cd533f0b3ef70a378f53d65c0d6c0f745a6102b63303ea7978c79f688c787efe9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50842\base_library.zip

Filesize
764KB

MD5
c2c39a352a50e216e45a07748fb7f8c5

SHA1
402e720be0212198cdfe659f3061795cac169d7f

SHA256
ab34fb921a79e9b635d5dd17f3c1b24456d07e4165defdb3c1d047eff0efdb48

SHA512
fb44205528dab11a33fea4c60783d56ecd04f5c02076e9900dc99af5089b56a65b5a8668e92b910479ceb7c822731887810e6e4292787fe7181ddb2060b197c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50842\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50842\python39.dll

Filesize
4.3MB

MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50842\select.pyd

Filesize
28KB

MD5
f8f5a047b98309d425fd06b3b41b16e4

SHA1
2a44819409199b47f11d5d022e6bb1d5d1e77aea

SHA256
5361da714a61f99136737630d50fa4e975d76f5de75e181af73c5a23a2b49012

SHA512
f0a96790fcdabf02b452f5c6b27604f5a10586b4bf759994e6d636cc55335026631fa302e209a53f5e454bea03b958b6d662e0be91fa64ce187a7dc5d35a9aa9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads