Overview

Static (8 tasks)
3  Debug/CeleryAPI.dll  windows10-2004-x64
1  Debug/Fast...ox.dll  windows10-2004-x64
1  Debug/Newt...on.dll  windows10-2004-x64
1  Debug/WeAr...PI.dll  windows10-2004-x64
1  Debug/Z3US...or.exe  windows10-2004-x64
1  Debug/bin/...In.dll  windows10-2004-x64
1  Debug/bin/...or.exe  windows10-2004-x64
1  Debug/main.exe  windows10-2004-x64
8  Debug/runme.bat  windows10-2004-x64
Analysis (8 tasks)
max time kernel: 300s
max time network: 276s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/05/2024, 19:41
Behavioral tasks
behavioral1: Debug/CeleryAPI.dll (resource win10v2004-20240508-en)
behavioral2: Debug/FastColoredTextBox.dll (resource win10v2004-20240426-en)
behavioral3: Debug/Newtonsoft.Json.dll (resource win10v2004-20240508-en)
behavioral4: Debug/WeAreDevs_API.dll (resource win10v2004-20240508-en)
behavioral5: Debug/Z3USExecutor.exe (resource win10v2004-20240508-en)
behavioral6: Debug/bin/CeleryIn.dll (resource win10v2004-20240508-en)
behavioral7: Debug/bin/CeleryInjector.exe (resource win10v2004-20240426-en)
behavioral8: Debug/main.exe (resource win10v2004-20240508-en)
General
Target: Debug/bin/CeleryInjector.exe
Size: 3.1MB
MD5: eb1f95642914c54314ba72ffcbc79caa
SHA1: 77c254bf9d968fc30da4a090b11b077d4ef4ff8c
SHA256: 657ad03d414e5b29c793d28a23e0bf0306cffe987caa19627fb420af4fa1471b
SHA512: 7c2fa06700b94bccad2707e0224a87954a416b7564a6e6822cb07ccd549202dbd2556cf80c7c92bd9c905c5e1a095de1c3f6343cc3a33b6895c95375ded70389
SSDEEP: 24576:VFvKJxoSmOrOcEOIwKTFZ/duJa3hE+c8/LRHpDGjP8YcR+9p3fWdsI/DOGNAaATt:fvK8OrX2Ea3IsDGjP8lRAp3fA/K2
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process
2120  CeleryInjector.exe
(all 64 entries are this same pid/process pair; the original listing repeats the row 64 times)

Suspicious use of AdjustPrivilegeToken (1 IoC)
description              pid   Process
Token: SeDebugPrivilege  2120  CeleryInjector.exe