Resubmissions

01-08-2024 08:14

240801-j48vda1blm 10

29-07-2024 20:18

240729-y285paycjr 10

29-07-2024 20:11

240729-yyr21ayanl 10

Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-07-2024 20:18

General

  • Target

    Celery.exe

  • Size

    56.9MB

  • MD5

    c6226e46b67143c0daa5fb37ddaad7df

  • SHA1

    ef800ca848512dff3c2af114b589a43ad5027d5e

  • SHA256

    395532c65dc8a2ecf47db85df7d362ba6170d39bbb98e2f844a3d3be25d32e7b

  • SHA512

    e482cefca0fcd0905492f1275390c64e72aa3dd595cee248e56e6b3521a8e65dab4eb39cc035c4fb5384d6665f6337a1d1633d75988690c38f02492c9309c364

  • SSDEEP

    1572864:LvxZQglY7vaSk8IpG7V+VPhqYdfCE70lgvWjYDxo:LvxZx+eSkB05awcfAev+iO

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Celery.exe
    "C:\Users\Admin\AppData\Local\Temp\Celery.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Users\Admin\AppData\Local\Temp\Celery.exe
      "C:\Users\Admin\AppData\Local\Temp\Celery.exe"
      2⤵
      • Loads dropped DLL
      PID:2776

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-file-l1-2-0.dll

    Filesize

    21KB

    MD5

    e2a03fb652b3f3f2a39d305e0fc991f9

    SHA1

    49292471fb6b2a08a3b5ea4d55c7ba63d7c22df4

    SHA256

    6d6aa0c0de2e39580807b2996070033fdbae5b41c4fa9520a102479731ba1e29

    SHA512

    b2f4336c29a9b8b59d206b11ef39208f95abde83efee90fb12ae9cb9cd84b983d431eebfd2b9550bd2ad47ba0332b0e57f86699aa2198d0f94e615adcc3ea9bc

  • C:\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-file-l2-1-0.dll

    Filesize

    20KB

    MD5

    50abf0a7ee67f00f247bada185a7661c

    SHA1

    0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

    SHA256

    f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

    SHA512

    c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

  • C:\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-localization-l1-2-0.dll

    Filesize

    21KB

    MD5

    3e4e4b68179d85d2ef56d63cb6b4caa2

    SHA1

    5e75a9e9805ea454d9fb646b4cacff936357cbba

    SHA256

    897b716684eed10bd4214c9f518bbbbb8b5f76152a3f91355112873b0677d05c

    SHA512

    81e85262c3db997a021d4e73f80251783b9ec8fe022f4dce846e824252abd01fdc5f1f1084d6aad0b9cbbe30e08142a0d648816b856dc7068b2ce412399cef8b

  • C:\Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-processthreads-l1-1-1.dll

    Filesize

    21KB

    MD5

    3d73a0d2988f2d91e8bf09f1df449bf0

    SHA1

    6ccd48cd3dc1c23700c3b8f4a3b9dfdf8c08ff08

    SHA256

    521340b666bd5e74b395d56b7886a795b95dea9997a2eb6ff198c16745b55f18

    SHA512

    22713e21375dd0c87881862c74bf1945265ef81e4f91bf6a7b1cc3727a923e113c8dc2b12bc538f2f0fe8c3224ce6b776284b42be075831478d2d1fc251fb32e

  • C:\Users\Admin\AppData\Local\Temp\_MEI21082\python311.dll

    Filesize

    1.6MB

    MD5

    548809b87186356c7ac6421562015915

    SHA1

    8fa683eed7f916302c2eb1a548c12118bea414fa

    SHA256

    6c65da37cf6464507ad9d187a34f5b5d61544b83d831547642d17c01852599a1

    SHA512

    c0b63bf9908e23457cf6c2551219c7951bc1a164f3a585cde750b244fa628753ee43fde35f2aa76223fd9f90cf5ea582241ab510f7373a247eae0b26817198fc

  • C:\Users\Admin\AppData\Local\Temp\_MEI21082\ucrtbase.dll

    Filesize

    1.1MB

    MD5

    3b337c2d41069b0a1e43e30f891c3813

    SHA1

    ebee2827b5cb153cbbb51c9718da1549fa80fc5c

    SHA256

    c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

    SHA512

    fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

  • \Users\Admin\AppData\Local\Temp\_MEI21082\api-ms-win-core-timezone-l1-1-0.dll

    Filesize

    21KB

    MD5

    3f319e5743e66e32488529d75ec15981

    SHA1

    33f2ce75ede1df246703871331e7c4934790c639

    SHA256

    44704de5e39e481928088e5e3eab77498b1215ffb1ac10edb0568c0b29896232

    SHA512

    c8ac4fec1cd02851420480c379077af41f6cbb31fbeb66af114a7bef856b4e548aecc34ab816f0f7e3675ae3e0b35d789068e095241bc4e5fdcdbf6e55f1ded2

  • memory/2776-1214-0x000007FEF5F60000-0x000007FEF6552000-memory.dmp

    Filesize

    5.9MB