dd480e8cfd2c686f6d59aea4aadb4ef5e78876caf456413c615d31099937ec5d

Analysis

max time kernel
140s
max time network
187s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 18:08

Target

Celex/Main/Celex.exe
Size

20.4MB
MD5

67a2e11dc4cf10a250eb50db784ea577
SHA1

c04c51e6b72f7c681f34924599c81d270c37c183
SHA256

ff9931e23999793819ba51c3e422a4aa7b840408e8dd30b1f7d5a59029090b5a
SHA512

1be6cb58b901d7222fe7fbd98920ae20bde3503ea8f9672ed8e8bf961d41720b3149303c28c41770f5f896f872d416313c017c86e505d10881951828f942c724
SSDEEP

393216:0EkZQtsuNPG7NmiZoW1+TtIiFA/IFc2raodOKx3YV7:0hQtsUKEAl1QtIP/IHGo4e3c

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
936	Celex.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
936	Celex.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 936	436	Celex.exe	40
PID 436 wrote to memory of 936	436	Celex.exe	40
PID 436 wrote to memory of 936	436	Celex.exe	40

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1204,i,14698100915962589703,3381494483728350439,131072 /prefetch:2
1⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=1352 --field-trial-handle=1204,i,14698100915962589703,3381494483728350439,131072 /prefetch:1
1⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Celex\Main\Celex.exe
"C:\Users\Admin\AppData\Local\Temp\Celex\Main\Celex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:436
- C:\Users\Admin\AppData\Local\Temp\Celex\Main\Celex.exe
  "C:\Users\Admin\AppData\Local\Temp\Celex\Main\Celex.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1204,i,14698100915962589703,3381494483728350439,131072 /prefetch:8
1⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\_MEI4362\python311.dll

Filesize
5.5MB

MD5
d06da79bfd21bb355dc3e20e17d3776c

SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf

SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

Download Submit