Overview

overview

10

Static

static

8

Exela-V2.0-main.rar

windows7-x64

1

Exela-V2.0-main.rar

windows10-2004-x64

1

Exela-V2.0...on.txt

windows7-x64

1

Exela-V2.0...on.txt

windows10-2004-x64

1

Exela-V2.0...ela.py

windows7-x64

3

Exela-V2.0...ela.py

windows10-2004-x64

3

Exela-V2.0...ICENSE

windows7-x64

1

Exela-V2.0...ICENSE

windows10-2004-x64

1

Exela-V2.0...obf.py

windows7-x64

3

Exela-V2.0...obf.py

windows10-2004-x64

3

Exela-V2.0...ej.exe

windows7-x64

7

Exela-V2.0...ej.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Exela-V2.0...E.html

windows7-x64

3

Exela-V2.0...E.html

windows10-2004-x64

3

Exela-V2.0...px.exe

windows7-x64

5

Exela-V2.0...px.exe

windows10-2004-x64

5

out.exe

windows7-x64

out.exe

windows10-2004-x64

Exela-V2.0...der.py

windows7-x64

3

Exela-V2.0...der.py

windows10-2004-x64

3

Exela-V2.0...ll.bat

windows7-x64

1

Exela-V2.0...ll.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2024 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Exela-V2.0-main/Pavica je okej.exe

  • Size

    9.4MB

  • MD5

    5eb5901afa6e48e9b500abfdc285b91b

  • SHA1

    d0ad34b6b401697f6b5b9c99ba5aefbed9d63ead

  • SHA256

    6bb46c9085a11993227500872b13a137bc02eb41bca919659cc005fabca386c1

  • SHA512

    f67ce9ded25a724fd0972ad3b33bda4dc7e158bfa43fad8f4342aa9993a834ccec555e6ddb5fd483dbee40d28324572212edf21261407fc7e539ae825a275b04

  • SSDEEP

    196608:KbG2GMYxmvNm1E8giq1g9KRDOlrJlpZstQoS9Hf1BKXTHK/CCh:MG2Em1m1NqVR0BGt7G/+HK3

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Exela-V2.0-main\Pavica je okej.exe
    "C:\Users\Admin\AppData\Local\Temp\Exela-V2.0-main\Pavica je okej.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Users\Admin\AppData\Local\Temp\Exela-V2.0-main\Pavica je okej.exe
      "C:\Users\Admin\AppData\Local\Temp\Exela-V2.0-main\Pavica je okej.exe"
      2⤵
      • Loads dropped DLL
      PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI24882\python310.dll
    Filesize

    1.4MB

    MD5

    36fd0e7f37bcc508f4c88bb93ee103fe

    SHA1

    305e8a7da7508ea0571efd0e6248ba32a54160e6

    SHA256

    e44fc24423b18f343fbbab490fcbfddb17aade548f01de0926428a1944e87a95

    SHA512

    9f47fb8a96595498342e53b23671fb7c96ca438427f8bec9aeef845ce604817d6200f544afe530b2906edcb0f448d42ca10c1824a9d2ebd5ced4beb4bd5c1bea

    Download Submit

  • memory/2804-48-0x000007FEF65E0000-0x000007FEF6A45000-memory.dmp

    Filesize

    4.4MB

    Download