Overview

overview

10

Static

static

3

Exela.exe

windows11-21h2-x64

10

Stub.pyc

windows11-21h2-x64

3

Analysis

  • max time kernel
    25s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-08-2024 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Stub.pyc

  • Size

    875KB

  • MD5

    38216396acb54f2de12abb00409e9349

  • SHA1

    d27b187871e099eb15fa10e00552f07dae676755

  • SHA256

    985e8984625c143b802795b78ba42a7cf2704a125f04b11d59e989d510274897

  • SHA512

    ab262d391b2090e041a219c002ab63a51bcded848bd00a23c14300e5230d562d364a64607835cc8121aab49a69d8151e602bd7e8a02bdbf0d5cb9401f659a03a

  • SSDEEP

    12288:lkhL7UdcKLriWqANRFj0HqzfEP9wnJblZs4ZVrS9A5+q3dl61dRCUWXZEJ/lqfXQ:luLodcK9JRFQHEfQ6JbHXd0vRhWXkqvQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Stub.pyc
    1⤵
    • Modifies registry class
    PID:1144
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:240

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads