1ab7fef81e4a5325f70a7eb8f1e551edaa6344d16eb1aeca68974d89bb4e40db | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

cdnmain/Exela.exe

windows10-ltsc 2021-x64

cdnmain/Exela.exe

windows11-21h2-x64

Stub.pyc

windows10-ltsc 2021-x64

3

Stub.pyc

windows11-21h2-x64

3

cdnmain/chrome.exe

windows10-ltsc 2021-x64

cdnmain/chrome.exe

windows11-21h2-x64

cdnmain/cl...st.exe

windows10-ltsc 2021-x64

1

cdnmain/cl...st.exe

windows11-21h2-x64

1

cdnmain/ef.exe

windows10-ltsc 2021-x64

cdnmain/ef.exe

windows11-21h2-x64

cdnmain/libsodium.dll

windows10-ltsc 2021-x64

1

cdnmain/libsodium.dll

windows11-21h2-x64

1

cdnmain/sqlite3.dll

windows10-ltsc 2021-x64

1

cdnmain/sqlite3.dll

windows11-21h2-x64

1

cdnmain/vc...40.dll

windows10-ltsc 2021-x64

1

cdnmain/vc...40.dll

windows11-21h2-x64

1

cdnmain/verif.exe

windows10-ltsc 2021-x64

1

cdnmain/verif.exe

windows11-21h2-x64

1

Resubmissions

11/03/2025, 16:25

250311-txbamsxq12 10

10/03/2025, 16:59

250310-vhtzwastaz 10

Analysis

max time kernel
132s
max time network
137s
platform
windows11-21h2_x64
resource
win11-20250218-en
resource tags

arch:x64arch:x86image:win11-20250218-enlocale:en-usos:windows11-21h2-x64system
submitted
10/03/2025, 16:59

Sharing

Static task

static1

pyinstaller rat default asyncrat

4 signatures

Behavioral task

behavioral1

Sample

cdnmain/Exela.exe

Resource

win10ltsc2021-20250217-en

exelastealer collection defense_evasion discovery persistence privilege_escalation spyware stealer upx

windows10-ltsc 2021-x64

27 signatures

600 seconds

Behavioral task

behavioral2

Sample

cdnmain/Exela.exe

Resource

win11-20250217-en

exelastealer collection defense_evasion discovery persistence privilege_escalation spyware stealer upx

windows11-21h2-x64

27 signatures

600 seconds

Behavioral task

behavioral3

Sample

Stub.pyc

Resource

win10ltsc2021-20250217-en

windows10-ltsc 2021-x64

8 signatures

600 seconds

Behavioral task

behavioral4

Sample

Stub.pyc

Resource

win11-20250217-en

windows11-21h2-x64

3 signatures

600 seconds

Behavioral task

behavioral5

Sample

cdnmain/chrome.exe

Resource

win10ltsc2021-20250217-en

asyncrat default rat

windows10-ltsc 2021-x64

12 signatures

600 seconds

Behavioral task

behavioral6

Sample

cdnmain/chrome.exe

Resource

win11-20250217-en

asyncrat default rat

windows11-21h2-x64

11 signatures

600 seconds

Behavioral task

behavioral7

Sample

cdnmain/cloudflare_whitelist.exe

Resource

win10ltsc2021-20250217-en

windows10-ltsc 2021-x64

0 signatures

600 seconds

Behavioral task

behavioral8

Sample

cdnmain/cloudflare_whitelist.exe

Resource

win11-20250217-en

windows11-21h2-x64

0 signatures

600 seconds

Behavioral task

behavioral9

Sample

cdnmain/ef.exe

Resource

win10ltsc2021-20250217-en

asyncrat default rat

windows10-ltsc 2021-x64

12 signatures

600 seconds

Behavioral task

behavioral10

Sample

cdnmain/ef.exe

Resource

win11-20250217-en

asyncrat default rat

windows11-21h2-x64

11 signatures

600 seconds

Behavioral task

behavioral11

Sample

cdnmain/libsodium.dll

Resource

win10ltsc2021-20250217-en

windows10-ltsc 2021-x64

0 signatures

600 seconds

Behavioral task

behavioral12

Sample

cdnmain/libsodium.dll

Resource

win11-20250217-en

windows11-21h2-x64

0 signatures

600 seconds

Behavioral task

behavioral13

Sample

cdnmain/sqlite3.dll

Resource

win10ltsc2021-20250217-en

windows10-ltsc 2021-x64

0 signatures

600 seconds

Behavioral task

behavioral14

Sample

cdnmain/sqlite3.dll

Resource

win11-20250218-en

windows11-21h2-x64

0 signatures

600 seconds

Behavioral task

behavioral15

Sample

cdnmain/vcruntime140.dll

Resource

win10ltsc2021-20250217-en

windows10-ltsc 2021-x64

0 signatures

600 seconds

Behavioral task

behavioral16

Sample

cdnmain/vcruntime140.dll

Resource

win11-20250217-en

windows11-21h2-x64

0 signatures

600 seconds

Behavioral task

behavioral17

Sample

cdnmain/verif.exe

Resource

win10ltsc2021-20250217-en

windows10-ltsc 2021-x64

0 signatures

600 seconds

Behavioral task

behavioral18

Sample

cdnmain/verif.exe

Resource

win11-20250217-en

windows11-21h2-x64

0 signatures

600 seconds

Report Analysis Logs

General

Target

cdnmain/sqlite3.dll
Size

1.0MB
MD5

abd499b6a9fe8fca0eec593ae58cdc29
SHA1

40b6dca224ea6aced518f884612abf71aea769a7
SHA256

cc4b95f75d37b642e3bc89e57b50df40519ed9ee7e3b45eb2b061ca6a63b221d
SHA512

b5d5b84e16a99824cadcc25649ee39cd0728380adeacb93d75365bf37367002fc741b286754c0c9173a0b27bc8d1d77e2ba7c6979c2592756bec6c08696b1479
SSDEEP

24576:ScO/Q+Ph+9Xxh05eUMgNZGUUrH/0TmjpnUVfSz:JYQXVUMubm9UVS

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cdnmain\sqlite3.dll,#1
1⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4968,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:14
1⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4960,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:14
1⤵
PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy