Analysis
- max time kernel: 155s
- max time network: 164s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-04-2024 16:18
Behavioral tasks
- behavioral1: sample CeleryX/Celery X.exe, resource win7-20240221-en
- behavioral2: sample CeleryX/Celery X.exe, resource win10v2004-20240412-en
- behavioral3: sample CeleryX/dll/VMProtectSDK32.dll, resource win7-20240215-en
- behavioral4: sample CeleryX/dll/VMProtectSDK32.dll, resource win10v2004-20240412-en
- behavioral5: sample CeleryX/dll/celeryuwp.dll, resource win7-20240220-en
- behavioral6: sample CeleryX/dll/celeryuwp.dll, resource win10v2004-20240412-en
- behavioral7: sample CeleryX/scripts/scripts.dll, resource win7-20240221-en
- behavioral8: sample CeleryX/scripts/scripts.dll, resource win10v2004-20240226-en
General
- Target: CeleryX/Celery X.exe
- Size: 852.0MB
- MD5: d628f8810e66912a850e33fd64845946
- SHA1: 0d5e42e3aeffe8b790f0cc0a6a25c417e0fc779a
- SHA256: 62c4009f76be3201b81d215e99d255196c7e0e4d926cc3cb8215e97b1db4f3d0
- SHA512: eede6f0a2a514a2dd53377f2dd354efc5ccacb66dcdeced6344fd68f26630ce8cadc34af7191f8598f0124169098a41b3c243e6d2d1437dee83f6189b7f19430
- SSDEEP: 6144:glkR8eJ4F0MpFgkN2swVLq0pKG/ZdVj8bXqv0MBN7EzWcKq3jXycUsn8b:gfj2zVq6KG/HVTsMb/4icUP
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                        pid   process       target process
    PID 2268 wrote to memory of 1628   2268  Celery X.exe  RegAsm.exe
    PID 2268 wrote to memory of 1628   2268  Celery X.exe  RegAsm.exe
    PID 2268 wrote to memory of 1628   2268  Celery X.exe  RegAsm.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\CeleryX\Celery X.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\CeleryX\Celery X.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"