Overview

overview

10

Static

static

3

Exela.exe

windows7-x64

7

Exela.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Resubmissions

21/03/2025, 18:01

250321-wmbjrsymy8 10

21/03/2025, 17:52

250321-wfzysaylw2 10

Analysis

  • max time kernel
    15s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21/03/2025, 17:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Stub.pyc

  • Size

    874KB

  • MD5

    1878429e557ab3b7c40255159873a138

  • SHA1

    424cf7f25e131cc063b25d5f7705732166b4d8b0

  • SHA256

    d4d6821b1df9f5640fb71ae5690affa44999f2cec7d2fe2a79100670b9a33e5c

  • SHA512

    e3731625096cacf35f08b4d5d3c5434cb11693c250515e7b8469ce0e0afface44801d4219d27c9e6e6b0ffe32901ca7aeb6660091a924d9fc27f9809d8bbb918

  • SSDEEP

    12288:sqQYfO1BuUy5b16GHBkj6WhSV/4+WTsa7Oz6gMSaATWX4pzMVHDWFNh+:sqQYOuUy6GtVg9OzNxVpAoFNh+

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Stub.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Stub.pyc
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads