60fdd04ecb5050f7a89a8db1442d718db489bc32adbbd78a54329c01125c92e5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 01:31

Target

Exela.exe
Size

11.3MB
MD5

d5b97cb18ee49bcba0653a2fd916385d
SHA1

6d5b0f5afa823553e43b2b463e01004251fa1b78
SHA256

60fdd04ecb5050f7a89a8db1442d718db489bc32adbbd78a54329c01125c92e5
SHA512

b3e87d61d22692c27fd0ea6287a79ab6c50ad3fb781a4f9f6dc6cd94f901885c617d7f5e65836667bd4146e1a380723e57e014958788e7221925c884b7f3e116
SSDEEP

196608:nExTCIYDbx0z3civNm1E8giq1g9mJLjv+bhqNVob0Uh8mAIv9PuTzEM8Hgo9oMY:wDOF0z3ci1m1NqvL+9qzGxII8zB8AMY

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2888	Exela.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a4c7-46.dat	upx
behavioral1/memory/2888-48-0x000007FEF5BF0000-0x000007FEF61D9000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2888	2404	Exela.exe	30
PID 2404 wrote to memory of 2888	2404	Exela.exe	30
PID 2404 wrote to memory of 2888	2404	Exela.exe	30

C:\Users\Admin\AppData\Local\Temp\Exela.exe
"C:\Users\Admin\AppData\Local\Temp\Exela.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\Exela.exe
  "C:\Users\Admin\AppData\Local\Temp\Exela.exe"
  2⤵
  - Loads dropped DLL
  PID:2888

C:\Users\Admin\AppData\Local\Temp\_MEI24042\python311.dll

Filesize
1.6MB

MD5
affa456007f359e9f8c5d2931d966cb9

SHA1
9b06d6cb7d7f1a7c2fa9e7f62d339b9f2813e80f

SHA256
4bab2e402a02c8b2b0542246d9ef54027a739121b4b0760f08cd2e7c643ed866

SHA512
7c357f43dd272e1d595ccde87c13fd2cdf4123b20af6855576bfba15afd814a95886cebbe96bb7781b916f9db3c3ee02d381036ddbf62095de3ee43a7f94d156

Download Submit
memory/2888-48-0x000007FEF5BF0000-0x000007FEF61D9000-memory.dmp

Filesize
5.9MB

Download