Analysis

  • max time kernel
    19s
  • max time network
    21s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26/06/2024, 16:39

General

  • Target

    python-MidiToVirtualPianoMacro-master/pyMIDI.exe

  • Size

    10.1MB

  • MD5

    4fbb75b7b4796f5e8c691a4edf9ffff8

  • SHA1

    85bccbd27d9c813c03c68cd4fe122f11a8179684

  • SHA256

    caf940a3c8a32b91d63d90f6b825c764467de3df3903e406963c34a4abf77a71

  • SHA512

    78179a04ca580c9501e80b81f1bfd4a002996ac306357832eb1bdccd4ff6f1dab13b7778138bb8d0a4aec7777213181fdd0b7c0ec60f815e1177cfbe80559b75

  • SSDEEP

    196608:YSMxtA9onJ5hrZER3B2WZufOuD9L/48RmU/3ZlsPv9IGfKydA8ChXXxCMTcgUV:4xG9c5hlERx2WmfDZ/tN3ZWIRxsgU

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\python-MidiToVirtualPianoMacro-master\pyMIDI.exe
    "C:\Users\Admin\AppData\Local\Temp\python-MidiToVirtualPianoMacro-master\pyMIDI.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3380
    • C:\Users\Admin\AppData\Local\Temp\python-MidiToVirtualPianoMacro-master\pyMIDI.exe
      "C:\Users\Admin\AppData\Local\Temp\python-MidiToVirtualPianoMacro-master\pyMIDI.exe"
      2⤵
      • Loads dropped DLL
      PID:420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI33802\_ctypes.pyd

    Filesize

    123KB

    MD5

    4d13a7b3ecc8c7dc96a0424c465d7251

    SHA1

    0c72f7259ac9108d956aede40b6fcdf3a3943cb5

    SHA256

    2995ef03e784c68649fa7898979cbb2c1737f691348fae15f325d9fc524df8ed

    SHA512

    68ff7c421007d63a970269089afb39c949d6cf9f4d56aff7e4e0b88d3c43cfaa352364c5326523386c00727cc36e64274a51b5dbb3a343b16201cf5fc264fec8

  • C:\Users\Admin\AppData\Local\Temp\_MEI33802\_socket.pyd

    Filesize

    77KB

    MD5

    eb974aeda30d7478bb800bb4c5fbc0a2

    SHA1

    c5b7bc326bd003d42bcf620d657cac3f46f9d566

    SHA256

    1db7b4f6ae31c4d35ef874eb328f735c96a2457677a3119e9544ee2a79bc1016

    SHA512

    f9eea3636371ba508d563cf21541a21879ce50a5666e419ecfd74255c8decc3ae5e2ceb4a8f066ae519101dd71a116335a359e3343e8b2ff3884812099ae9b1b

  • C:\Users\Admin\AppData\Local\Temp\_MEI33802\base_library.zip

    Filesize

    768KB

    MD5

    2b58a0447d1feea708ac059763c4c3e4

    SHA1

    12578b60af0f354d527df066aaeb2422fe14913d

    SHA256

    ae8f1046d28fc1d62b4c1dc2c6c55535eba2473abf7e61a33ae7307181c03f06

    SHA512

    8b5966be4e00e78ad3b4e409ff21767357312ec149f884382fc5fb0b056d7e724f330e188037bd543df21a2ce934dc1b09408abc1a6a16f74850cec67846e773

  • C:\Users\Admin\AppData\Local\Temp\_MEI33802\libffi-7.dll

    Filesize

    32KB

    MD5

    eef7981412be8ea459064d3090f4b3aa

    SHA1

    c60da4830ce27afc234b3c3014c583f7f0a5a925

    SHA256

    f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

    SHA512

    dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

  • C:\Users\Admin\AppData\Local\Temp\_MEI33802\pyMIDI.exe.manifest

    Filesize

    1KB

    MD5

    bd87e3990d83b38d1dd1c08b154562a5

    SHA1

    330cc37301b82c523d4a875f3b9a51af5702270d

    SHA256

    de863e3fc78c71dd3a7da8febccfafe99137e06423166f36fbf1641da259ab9a

    SHA512

    4623a78ee82cded393a0bdd80d507c66d92e84b4e4f49d6b47323d084be9ec33860d7cff2032ab92afb194e13247828d149d8f7dcb3cd1f62948c0ccabd2dc41

  • C:\Users\Admin\AppData\Local\Temp\_MEI33802\python38.dll

    Filesize

    4.0MB

    MD5

    3cd1e87aeb3d0037d52c8e51030e1084

    SHA1

    49ecd5f6a55f26b0fb3aeb4929868b93cc4ec8af

    SHA256

    13f7c38dc27777a507d4b7f0bd95d9b359925f6f5bf8d0465fe91e0976b610c8

    SHA512

    497e48a379885fdd69a770012e31cd2a62536953e317bb28e3a50fdb177e202f8869ea58fc11802909cabb0552d8c8850537e9fb4ead7dd14a99f67283182340

  • C:\Users\Admin\AppData\Local\Temp\_MEI33802\select.pyd

    Filesize

    26KB

    MD5

    08b499ae297c5579ba05ea87c31aff5b

    SHA1

    4a1a9f1bf41c284e9c5a822f7d018f8edc461422

    SHA256

    940fb90fd78b5be4d72279dcf9c24a8b1fcf73999f39909980b12565a7921281

    SHA512

    ab26f4f80449aa9cc24e68344fc89aeb25d5ba5aae15aeed59a804216825818edfe31c7fda837a93a6db4068ccfb1cc7e99173a80bd9dda33bfb2d3b5937d7e9

  • C:\Users\Admin\AppData\Local\Temp\_MEI33802\ucrtbase.dll

    Filesize

    971KB

    MD5

    bd8b198c3210b885fe516500306a4fcf

    SHA1

    28762cb66003587be1a59c2668d2300fce300c2d

    SHA256

    ce2621719f1358508c2c33bcc1380d78a737ca20cd18c0ac89f38e1be788d9a2

    SHA512

    c32b6c083d3a7da01085718e5685e9a04034be91251c065794ceef1dfaaf6573fdd845cbc84e926ab3f510d295649cb6e497564fbe52cc79c053357c645c11a5

  • \Users\Admin\AppData\Local\Temp\_MEI33802\VCRUNTIME140.dll

    Filesize

    99KB

    MD5

    8697c106593e93c11adc34faa483c4a0

    SHA1

    cd080c51a97aa288ce6394d6c029c06ccb783790

    SHA256

    ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

    SHA512

    724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987