Resubmissions: 26/05/2024, 13:42 (240526-qz4s7age6w)

Analysis (score 8)
max time kernel: 119s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26/05/2024, 13:42
Static task: static1

Behavioral tasks:

  Task           Sample                                        Resource
  behavioral1    Celex-Crack-main.zip                          win7-20240221-en
  behavioral2    Celex-Crack-main.zip                          win10v2004-20240426-en
  behavioral3    Celex-Crack-main/Adobe_Premiere_Pro.exe       win7-20240508-en
  behavioral4    Celex-Crack-main/Adobe_Premiere_Pro.exe       win10v2004-20240426-en
  behavioral5    stub-o.pyc                                    win7-20231129-en
  behavioral6    stub-o.pyc                                    win10v2004-20240508-en
  behavioral7    Celex-Crack-main/LICENSE.txt                  win7-20231129-en
  behavioral8    Celex-Crack-main/LICENSE.txt                  win10v2004-20240508-en
  behavioral9    Celex-Crack-main/README.md                    win7-20240221-en
  behavioral10   Celex-Crack-main/README.md                    win10v2004-20240508-en
General

Target: Celex-Crack-main/README.md
Size: 178B
MD5: 7608ae808b7b4bef6b5b7968b06bf360
SHA1: 7065483b6c1dfa40ed9253349ddfe87a31a1ceae
SHA256: 784fe10d7980bf41c6a7ae39a6a8fd48cc0e79bf2363e659e1ecb55195af65b5
SHA512: e9d6e5f645fae9f4eca88c54c9713efbd697b77e002da38c79c2bc31be8ab42ce0c16b2bfd3d7a95c2acd8b15bc66949760cd7e66c27407e16d8ee7a670a6d31
Malware Config

Signatures

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Modifies registry class (9 IoCs)
  description       ioc                                                                                                                                         Process
  Key created       \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings                                                         rundll32.exe
  Key created       \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\md_auto_file                                                           rundll32.exe
  Key created       \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.md                                                                    rundll32.exe
  Key created       \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\md_auto_file\shell\Read                                                rundll32.exe
  Key created       \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\md_auto_file\shell                                                     rundll32.exe
  Set value (str)   \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\md_auto_file\                                                          rundll32.exe
  Set value (str)   \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.md\ = "md_auto_file"                                                  rundll32.exe
  Key created       \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\md_auto_file\shell\Read\command                                        rundll32.exe
  Set value (str)   \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\md_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""   rundll32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid    Process
  2596   AcroRd32.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid    Process
  2596   AcroRd32.exe
  2596   AcroRd32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid    Process        procid_target
  PID 2684 wrote to memory of 2584  2684   cmd.exe        29
  PID 2684 wrote to memory of 2584  2684   cmd.exe        29
  PID 2684 wrote to memory of 2584  2684   cmd.exe        29
  PID 2584 wrote to memory of 2596  2584   rundll32.exe   30
  PID 2584 wrote to memory of 2596  2584   rundll32.exe   30
  PID 2584 wrote to memory of 2596  2584   rundll32.exe   30
  PID 2584 wrote to memory of 2596  2584   rundll32.exe   30
Processes

1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Celex-Crack-main\README.md
   PID: 2684
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\rundll32.exe (child of 1)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Celex-Crack-main\README.md
      PID: 2584
      - Modifies registry class
      - Suspicious use of WriteProcessMemory

      3. C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (child of 2)
         Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Celex-Crack-main\README.md"
         PID: 2596
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 3KB
MD5: a8fc411162cb11319741242f7e2b48e6
SHA1: a350c1525bd47799d0354b14b4d2fb2029c73faa
SHA256: f5790d85873c3505464e872843db32ce3b3997d808c287bab541c23a4e9a0867
SHA512: a69f96714c4312363bb0fd4d98c70f68d649ccf91b2bd7411888e976c60e6fe01db8e155832ebf30efa0c01f0c3254872c68d8e919c892853e1faface1ac8214