6f55f3d21550efb245e1208922f24195f31737591d1c493553a989be80eec0dd

Analysis

max time kernel
61s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11/02/2025, 06:45

Target

szczur.exe
Size

60.0MB
MD5

9b7a4089dbad1e1e2b8a2a148ac3a74d
SHA1

3aec6c418e70a5d2f5addbaa7095ce66e0a40aaf
SHA256

f5a543375778ed6ecd291be0c20651f0b176271cd0d48ccab7506d5a9b1f3f31
SHA512

e88384fbe0c048b35bf78fb6408ed6d9bc44898258a80bb4e417be8bd7c69dc1491f6132919237426b445718dffeec786655ab3a20c3fc049064bf5071c485e2
SSDEEP

1572864:w2GKlEWjAOkiqOv8im2AzJE7Bbli0aVrwO:wnKa9OknOv8i3mSw0apw

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2144	szczur.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral3/files/0x0003000000020b07-1153.dat	upx
behavioral3/memory/2144-1155-0x000007FEF5980000-0x000007FEF5F68000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2144	3064	szczur.exe	30
PID 3064 wrote to memory of 2144	3064	szczur.exe	30
PID 3064 wrote to memory of 2144	3064	szczur.exe	30

C:\Users\Admin\AppData\Local\Temp\szczur.exe
"C:\Users\Admin\AppData\Local\Temp\szczur.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Users\Admin\AppData\Local\Temp\szczur.exe
  "C:\Users\Admin\AppData\Local\Temp\szczur.exe"
  2⤵
  - Loads dropped DLL
  PID:2144

C:\Users\Admin\AppData\Local\Temp\_MEI30642\python311.dll

Filesize
1.6MB

MD5
87b5d21226d74f069b5ae8fb74743236

SHA1
153651a542db095d0f9088a97351b90d02b307ac

SHA256
3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194

SHA512
788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6

Download Submit
memory/2144-1155-0x000007FEF5980000-0x000007FEF5F68000-memory.dmp

Filesize
5.9MB

Download