b7dcd530d64dcc98af9da6f3b89d32aa6771b060c994028e6d9e41ff1da26abd

Analysis

max time kernel
96s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 21:08

Target

Exela-V2.0-main/Obfuscator/obf.py
Size

6KB
MD5

bfbf108641c41832ac8584a6b85960cc
SHA1

978719dd1d5bf0c64138d1b5082bd2952fe99f5c
SHA256

2ba721b0f3311123399cfa098502ad53cfa4e8e0fe6ce0de65ed2c84ea1c1101
SHA512

5084d394f375de4e741da68c35387793496c8c7c7b178c40cbfa3c50fa91e99cb28cace978ca9abb4155d68adc94ef6106ab690a808285eb3e9e27e23f10a1a8
SSDEEP

192:wtcWEKm7AwfMIB/fGPEPPP8PEPyPkP/PyPfPyPtPyPaPyP+PyPMPyP5PPP8PpPyV:qpm7AQDNGPEPPP8PEPyPkP/PyPfPyPtw

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4780	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Exela-V2.0-main\Obfuscator\obf.py
1⤵
- Modifies registry class
PID:4272

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact