ddd836101025f932bfa5cc4c8e216a90d7c3aa4babeda7ea6da5df2ac6db7df8

Analysis

max time kernel
26s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-01-2025 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Exela.exe
Size

10.4MB
MD5

8c0aa3feb616840779479efb0b79f757
SHA1

a8e8d65fd0fe562eb3ad5ca4467d870932982bd0
SHA256

ddd836101025f932bfa5cc4c8e216a90d7c3aa4babeda7ea6da5df2ac6db7df8
SHA512

c475a576781f9c86e7436b0a69d15416e5601fce67f7b42c9b3897e64ab6aa87a04bbe59afd1d2a51932bbcf97185b66b8109af09d8f29b2f13dc5858017d49e
SSDEEP

196608:MmZzxVopeMPHNhvNm1E8giq1g9K5RHvUWvogWOxu9kXwvdbD903N60ne6H0o1uYM:xlrMvNh1m1NqV5RHdBbAlbJ03E0e6H02

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1716	Exela.exe
1716	Exela.exe
1716	Exela.exe
1716	Exela.exe
1716	Exela.exe
1716	Exela.exe
1716	Exela.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001ad9a-105.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 1716	2716	Exela.exe	30
PID 2716 wrote to memory of 1716	2716	Exela.exe	30
PID 2716 wrote to memory of 1716	2716	Exela.exe	30

C:\Users\Admin\AppData\Local\Temp\Exela.exe
"C:\Users\Admin\AppData\Local\Temp\Exela.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Users\Admin\AppData\Local\Temp\Exela.exe
  "C:\Users\Admin\AppData\Local\Temp\Exela.exe"
  2⤵
  - Loads dropped DLL
  PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
75c8a3c1dfe2096f1a2c6ba51de7196f

SHA1
eb17720383791d75ccc2ed729900c1e8e8165504

SHA256
3d95961590fe6da5c569bcb0a54651488e70dd7b15c257e1b9faf8a3cc0e63e4

SHA512
8c6af5c49a321d60b14032780bf6d93a51ed7fe97940e06dfb251d295f51f2788cd7931a848cea94607d81acb9bb225086dd879159e67cda0c355173e69543ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
855bea02e0a624407c36b109b841db59

SHA1
d812734104a7fcce9ef86ba9239d106ef8d27395

SHA256
c6515fb573cd8190ebc401aab4646069066205ee9eeca548ae5ddbec3633336b

SHA512
23a14f6c86a8f986322dd1f7efee0b9a20e12e6d141994d3fd165d0df22513d63efb3fab8945879466b053f09fe0d2153c183c1d738530844eec465318e94ff1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
7f629d273ac801725d19df76990a68df

SHA1
dc6ce7553e3ccecbc2f74cccb6760a9fae910594

SHA256
945dacfe53f62d83acd0537a6712658558faafb18f68b76b88127db78482fd8f

SHA512
af51a9f8704d909185601c642d966cf99f53d2867dd4c5326f602ce279fcde916f9ef1d458740242c02078f9bc8867d8cb8a41332590c45983ddf349d1cfb05e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
6362e38d6c8138711da8f3be9bcc72cd

SHA1
b0827e51f1a45cdfed76e7636ea334255d7ddbeb

SHA256
73fabc60a9b24c1eb65ec886a59a190046af5853800572df1d48634417a15729

SHA512
bac37bf61221355a1b43a7e7b3a65ff6d08790898e7e9719f2a776ee55db0cfe036d721d216bb95454dd1375c322298eea54fba2054d9a41e3aad6d60ec41507

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
ef40498ce0b6cf020d9ea8ed88992584

SHA1
2fc258982ffeca396e50bff27a4b2e283c14b051

SHA256
003751ed79881bce98017b66206a2ba411321edd61fd51768779f29dfa99968d

SHA512
95c8573b336f2f2fb5ec580340af406a0742d73d4a3d160b22436dfc0bebd36d15f6019a4b3da1507b8b8970b954196723114185bef91336aeb226bb2f45ecd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27162\python310.dll

Filesize
1.4MB

MD5
018dfe78afe5062c01dffbe60545f7e5

SHA1
e5659111f6fd30c8b1140cbb1b5b094003d96793

SHA256
639283586b67d53b98858ff3a238248299b86a95171015ce6f96cc2ccf8209ca

SHA512
168e9b9b31a0e4c291616b90e2c0ef836e8f07a1d776c48621979d4ef6b8cd7ece52fd2d920b44821a48055c5d89bd2ff4286d23f0c9c0c996a89d6c51b3055a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27162\ucrtbase.dll

Filesize
1.1MB

MD5
6a44a2235d33b3f154fc50dc72e8ea61

SHA1
e98127a010bc6555e50e2ce7eba6ead8d8e13bf3

SHA256
91d027417ff2301b7135e864a5df6693488f8412ff87040f4897e0e03bc2577b

SHA512
057595ef00dc41aab49d654dc1b8dfdfaad58a3e2cf764db71090413b04e07c618d4592b390d170a4fbbc02f04c68f11b382258e3bf13a1791c6bfc97df7687b

Download Submit
memory/1716-107-0x000007FEF68C0000-0x000007FEF6D2A000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads