Resubmissions
- 12/05/2024, 11:35: 240512-nqc8rsdb4v

Analysis
- max time kernel: 150s
- max time network: 93s
- platform: windows11-21h2_x64
- resource: win11-20240426-en
- resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 12/05/2024, 11:35
Static task
- static1

Behavioral tasks (task: sample, resource)
- behavioral1: Release/BetterFolderBrowser.dll, win11-20240508-en
- behavioral2: Release/BetterFolderBrowser.xml, win11-20240426-en
- behavioral3: Release/CeleryApp.exe, win11-20240426-en
- behavioral4: Release/CeleryIn.dll, win11-20240426-en
- behavioral5: Release/CeleryInject.exe, win11-20240426-en
- behavioral6: Release/CeleryLauncher.exe, win11-20240426-en
- behavioral7: Release/CeleryLauncher.exe, win11-20240508-en
- behavioral8: Release/CeleryLauncher.runtimeconfig.json, win11-20240508-en
- behavioral9: Release/CeleryLogo.ico, win11-20240426-en
- behavioral10: Release/CeleryLogo.png, win11-20240508-en
- behavioral11: Release/Costura.dll, win11-20240508-en
- behavioral12: Release/Costura.xml, win11-20240419-en
- behavioral13: Release/Dragablz.dll, win11-20240508-en
- behavioral14: Release/Dragablz.xml, win11-20240426-en
- behavioral15: Release/MaterialDesignColors.dll, win11-20240508-en
- behavioral16: Release/MaterialDesignExtensions.dll, win11-20240419-en
- behavioral17: Release/MaterialDesignExtensions.xml, win11-20240426-en
- behavioral18: Release/MaterialDesignThemes.Wpf.dll, win11-20240508-en
- behavioral19: Release/MaterialDesignThemes.Wpf.xml, win11-20240426-en
- behavioral20: Release/Microsoft.Web.WebView2.Core.dll, win11-20240508-en
- behavioral21: Release/Microsoft.Web.WebView2.Core.js, win11-20240426-en
- behavioral22: Release/Microsoft.Web.WebView2.WinForms.dll, win11-20240426-en
- behavioral23: Release/Microsoft.Web.WebView2.WinForms.xml, win11-20240508-en
- behavioral24: Release/Microsoft.Web.WebView2.Wpf.dll, win11-20240426-en
- behavioral25: Release/Microsoft.Web.WebView2.Wpf.xml, win11-20240508-en
- behavioral26: Release/Microsoft.Xaml.Behaviors.dll, win11-20240508-en
- behavioral27: Release/Microsoft.Xaml.Behaviors.xml, win11-20240426-en
- behavioral28: Release/System.Diagnostics.DiagnosticSource.dll, win11-20240426-en
- behavioral29: Release/System.Diagnostics.DiagnosticSource.xml, win11-20240508-en
- behavioral30: Release/appver, win11-20240508-en
- behavioral31: Release/appversion.txt, win11-20240426-en
General
- Target: Release/CeleryInject.exe
- Size: 3.1MB
- MD5: 87d4963332c48cbf50bead6cf810c7ec
- SHA1: 87a7262ae85b27c013c2289a0d52b1a02d4d7222
- SHA256: 2c00feddea40141c010b8df4408742694960da39411b49a9e49c165e52d41aa0
- SHA512: 774f6607828435dbe7d04db0d4ea9099a886d91846e1d4d26e110ee462ac243345ed0a1737ef63c09342c2dae0bbe1862cce2644e2fab67f8cf2ca47cf263efc
- SSDEEP: 49152:JbCT2pnX/Q2uteYg/c+NDGjP8lRSp3fvid:w2uy
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid / Process: 1428 CeleryInject.exe (same pid and process for all 64 IoCs)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description / pid / Process: Token: SeDebugPrivilege, 1428, CeleryInject.exe