Overview

overview

7

Static

static

3

Celeste64.exe

windows7-x64

3

Celeste64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2024, 15:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Celeste64.exe

  • Size

    13.2MB

  • MD5

    6f445565a4169e268effc04a3aa98a07

  • SHA1

    d97c6fcaa18986bd5f298fac54771088f7f7da89

  • SHA256

    2dc625e5072ef7ebaddcffd5be6fd73790fdfe7ed691e4df5d3fcf7fcc029a32

  • SHA512

    51c8833ba55a393dd27f3ca00e44ce29c2c8702776a8ea036d585ae3df96f01ba8ddd3ff58132b7ac098e24c54b4ebf9eb9a6d178df5971fcdb92a5c0fd0147d

  • SSDEEP

    196608:EBsd3+XNqcBQ9KRIWGmI+/t4RG9VLrgzm:VAXhBQ9KOL++o9VLj

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Celeste64.exe
    "C:\Users\Admin\AppData\Local\Temp\Celeste64.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ErrorLog.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2560

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\ErrorLog.txt
          Filesize

          800B

          MD5

          7fe92d89402cdef130fadb3f727d8e9d

          SHA1

          3b0bbabd0ffd8bf0c709ef57cb58d93ab8a5550f

          SHA256

          f0628aadd4ab5d912b1e3040654b9a9b9a531da483395d9eeea4ea3cd1758bde

          SHA512

          d5990209eb572344142bb1ec271894c574ca380e4bcf0bcea85fee2a0b8a9a5613a77eb331d2cced23d0b9ef36747fefb17daa14a9cdcb05c2875fd576577e43

          Download Submit

        • memory/1724-0-0x000000013FEC0000-0x0000000140812000-memory.dmp

          Filesize

          9.3MB

          Download

        • memory/1724-2-0x000000013FEC0000-0x0000000140812000-memory.dmp

          Filesize

          9.3MB

          Download