Analysis
-
max time kernel
12s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
17-01-2025 18:23
General
-
Target
Exela.exe
-
Size
34.5MB
-
MD5
edfb28c9a8c2da2f739b8cc01609aded
-
SHA1
6c07ab787c44c5543cf589d5ef64f36df1034e69
-
SHA256
8d5852b821515678b880a8af1559f23fd2efa48fa2e7f4a9207d7d6c00061963
-
SHA512
91c43da66ff83d027dff23ceca9c9191fd1b90085e4a34315ed4800bedb11146bbc1c44c7a8645e4e8ae37d15d0231daaf26d2841c6a84eaeca049127b333575
-
SSDEEP
196608:Gxyz+rKhOacF8ZZ8L4a+tk9Y7m7SMuPKBPn+VcMvnMFThYzkqm:yGSKVR78Lpck9D7vubcMvgykqm
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Loads dropped DLL 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Exela.exe"C:\Users\Admin\AppData\Local\Temp\Exela.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Exela.exe"C:\Users\Admin\AppData\Local\Temp\Exela.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD534f5effd225ff4dd38a5097d3cb238cf
SHA10d8550c91bdf612023702c48506b6a77f84035f9
SHA2562da1bd017e4c52c540f62e9b06f60bd9230ca62854415ca3505f965f8abb6254
SHA512da5c5954ac07c7b64d8943f2dcbaa3839b56dedd88168cb62c2dd683c16c0d14a28d8af6730e00ae3a4ed1015c00653a37d23c42e21c205d1c6d1308cd1e0f29
-
Filesize
5.0MB