e73b3c939cf1dc3054fb57ec128cb139d369a46f042f7e5129eab36f1bfba109

Analysis

max time kernel
1382s
max time network
1165s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

by Cel3ry V2.2.1.zip
Size

10.1MB
MD5

ba995457ee510b4f55560ba556bbeada
SHA1

312c7468de643b8e146c5ed02867dffcd6bb7f37
SHA256

e73b3c939cf1dc3054fb57ec128cb139d369a46f042f7e5129eab36f1bfba109
SHA512

5cad0bc98467b63388dcf875d0a7ada5b592c6d95755be6d5fec9b002b6f75dda6d4e9e6e60149629271a980c2fa2a60d7fdc457e2139bf109cc56a08c49c0a7
SSDEEP

196608:5J2DBByvudpFlcRpeCDWxGzBP7KADoB1UymJ2XRtG1eLqgox74q:vSIvWxcRcVgzJuADoBOkXRoBgJq

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 4488 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	4488	svchost.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\by Cel3ry V2.2.1.zip"
1⤵
PID:4744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1796

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1564

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
Filesize
16KB

MD5
d197bb66dd6909747e865547efa59324

SHA1
df3bf025971f93c878dca1536883aa08abc9c10b

SHA256
057b308a88934b792fcd85466cd4d411fa894a698fdeac1500d239ff7aadb0e8

SHA512
e37466547a825f3a53181fda1a20b8fad1d1216d3a080afeeef375673d05b9b3c22173b832f802f2c7f5982c790ccef6057d87f71f1853f42ec634e97e058d25

Download Submit
memory/4488-40-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download
memory/4488-33-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download
memory/4488-42-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download
memory/4488-34-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download
memory/4488-35-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download
memory/4488-36-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download
memory/4488-37-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download
memory/4488-38-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download
memory/4488-43-0x0000023DBEC10000-0x0000023DBEC11000-memory.dmp

Filesize
4KB

Download
memory/4488-0-0x0000023DB6940000-0x0000023DB6950000-memory.dmp

Filesize
64KB

Download
memory/4488-68-0x0000023DBEE60000-0x0000023DBEE61000-memory.dmp

Filesize
4KB

Download
memory/4488-32-0x0000023DBEFC0000-0x0000023DBEFC1000-memory.dmp

Filesize
4KB

Download
memory/4488-39-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download
memory/4488-44-0x0000023DBEC00000-0x0000023DBEC01000-memory.dmp

Filesize
4KB

Download
memory/4488-46-0x0000023DBEC10000-0x0000023DBEC11000-memory.dmp

Filesize
4KB

Download
memory/4488-49-0x0000023DBEC00000-0x0000023DBEC01000-memory.dmp

Filesize
4KB

Download
memory/4488-52-0x0000023DBEB40000-0x0000023DBEB41000-memory.dmp

Filesize
4KB

Download
memory/4488-16-0x0000023DB6A40000-0x0000023DB6A50000-memory.dmp

Filesize
64KB

Download
memory/4488-64-0x0000023DBED40000-0x0000023DBED41000-memory.dmp

Filesize
4KB

Download
memory/4488-66-0x0000023DBED50000-0x0000023DBED51000-memory.dmp

Filesize
4KB

Download
memory/4488-67-0x0000023DBED50000-0x0000023DBED51000-memory.dmp

Filesize
4KB

Download
memory/4488-41-0x0000023DBEFE0000-0x0000023DBEFE1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads