77d28d642ae0933ae522351fdb0b610045bbbf7911cfc8d8febbdea981a4ca19 | Triage

Analysis

max time kernel
21s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 19:02

Sharing

Report Analysis Logs

General

Target

CeleryAPI.dll
Size

21KB
MD5

99a217bdc8c685c3b0a319d9ea8a14db
SHA1

4033ddd18b8050575fdc6c59476469e681c6a5d2
SHA256

77d28d642ae0933ae522351fdb0b610045bbbf7911cfc8d8febbdea981a4ca19
SHA512

2675b79714d748339bc041508c4ace30ea5a19e931f1b85ca3010e2642e3859c5089763a54346d02da7788b8daa3500664b3e471be63c5c6282e242272a8bdf5
SSDEEP

384:V5hMn/3zqAaomvdkf0azg5mnUXHU6BV7rFY+EJs325Kc:I/zBCClNUX0e7Z835n

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

Processes:

OpenWith.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings OpenWith.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

4720 OpenWith.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4720 OpenWith.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CeleryAPI.dll,#1
1⤵
PID:3948

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads