88e8854e22bfb9d313d8bbcd90af3288ab7de72242e88da22b02196e1a3e3b8f

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 23:58

Target

Exela.exe
Size

10.9MB
MD5

8e58494c2a202912309668e193df5137
SHA1

b7c4192752bd3ffed8e6c734547bcf72913e42eb
SHA256

88e8854e22bfb9d313d8bbcd90af3288ab7de72242e88da22b02196e1a3e3b8f
SHA512

95bff5b38cb753118caba6c455bc0010595994b38f862c877b452f44c943f71c37e16e5429fea00fbc525c864245a2911ed5f1729465448f89fbed4b6b18f2d7
SSDEEP

196608:N+MGbhJb3tQk5tZurErvI9pWj+laeAnags22/zEHS9ZoQlLKvoBQ:XGbh7v5tZurEUWjEVkiYynrVRG

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2596	Exela.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a05a-53.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2596	2252	Exela.exe	30
PID 2252 wrote to memory of 2596	2252	Exela.exe	30
PID 2252 wrote to memory of 2596	2252	Exela.exe	30

C:\Users\Admin\AppData\Local\Temp\Exela.exe
"C:\Users\Admin\AppData\Local\Temp\Exela.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\Exela.exe
  "C:\Users\Admin\AppData\Local\Temp\Exela.exe"
  2⤵
  - Loads dropped DLL
  PID:2596

C:\Users\Admin\AppData\Local\Temp\_MEI22522\python312.dll

Filesize
1.7MB

MD5
3e5a523e2b08424c39a53dcba0c4f335

SHA1
c6bafbf6501b62f23e0c2f4f68db822827babd76

SHA256
d6864c703deb033db0c5bd9962d88b1e2e6b39f942f44558385ae9a0aff7eac3

SHA512
74533088aee88b27d1cc94e56e70066109e05d6f1cfd3b4d647d16dc8a5977262f91e16dd875683c7e13dec0ed88d5febdd2058ca5ecc413e17934d782ade8f1

Download Submit
memory/2596-55-0x000007FEF5670000-0x000007FEF5D35000-memory.dmp

Filesize
6.8MB

Download