Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
02/08/2024, 17:06
240802-vmmrcsscqn 702/08/2024, 17:01
240802-vj1h2ssbqr 602/08/2024, 16:56
240802-vfvhmaxakd 7Analysis
-
max time kernel
138s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-es -
resource tags
-
submitted
02/08/2024, 16:56
General
-
Target
CeleryInstaller.exe
-
Size
822KB
-
MD5
0bd82e264be214414d6dd26bac3e1770
-
SHA1
5325e64053dcf599a9c5cedec532418716f9d357
-
SHA256
60593ced1e78fd4b3fdffcd58bcde989d8e9b031b3ad9132815fdf614e0449d4
-
SHA512
842a80fed2286d06987cd2dde7ae94fc6c7986eb49cc62684f62f148973e5080df7866e1d2f81d53cb5ac95ef9d88489f6765265e29104be0ae349c6a3164592
-
SSDEEP
12288:c5SsIg0ZvkY29slOLJFbJZXM1Eg/2QAu4NRFNxIg0Z:Ru0ZvkY29+OLfzI2Q0NH10Z
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Network Service Discovery 1 TTPs 2 IoCs
Attempt to gather information on host's network.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 33 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\CeleryInstaller.exe"C:\Users\Admin\AppData\Local\Temp\CeleryInstaller.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Documents\Ce\Celery\Celery.exe"C:\Users\Admin\Documents\Ce\Celery\Celery.exe"2⤵
-
C:\Users\Admin\Documents\Ce\Celery\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Documents\Ce\Celery\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Documents\Ce\Celery\cache" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\Documents\Ce\Celery\debug.log" --field-trial-handle=1984,i,18394681359456046403,17494434591211001922,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=1972 /prefetch:2 --host-process-id=39763⤵
- Network Service Discovery
-
-
C:\Users\Admin\Documents\Ce\Celery\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Documents\Ce\Celery\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Documents\Ce\Celery\cache" --cefsharpexitsub --log-file="C:\Users\Admin\Documents\Ce\Celery\debug.log" --field-trial-handle=2476,i,18394681359456046403,17494434591211001922,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2472 /prefetch:3 --host-process-id=39763⤵
- Network Service Discovery
-
-
C:\Users\Admin\Documents\Ce\Celery\bin\lsp\main.exe"C:\Users\Admin\Documents\Ce\Celery\bin\lsp\main.exe"3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD55b745ee879e65f7a47c56265881f16e7
SHA1e6a90771b8f1bf53beeb7c9e4268756ff07a088d
SHA256c8944a83938c39fbea72700485db8a61ab82e1c51d8e16d5dd48de4e36a6f264
SHA5123b4bef98a1f751c3a747de0eb050828bf8474efa68aa7a26d0369f1c3b42829eaab221cb612c005a54ed5b84f19180700e51aab39adb84fe7246d9e91e6899c8
-
Filesize
6KB
MD5bcd22b9511d5383e23d875e2cf3c339e
SHA10ef86afaef536cc4b046ea2866414bb193d60702
SHA25695dd31f11ac1317559b6eee0479739930d503a4938283f5d831ac8add92ad792
SHA512c4e6821858720895c0bfae797097e3307bb7ea8f03dde4fefc16cce03b2a50fecfe8ed5c3225136fcd9d74ee0ed8673f795b410cd14890d22df58c1f03b693c6
-
Filesize
1.7MB
MD521719cf581f5cc98b21c748498f1cbfe
SHA1aaada7a02fadcbd25b836c924e936ce7d7ee0c2a
SHA2566fd2685e02ef7c92ba5080faadb44f22fee528713f5101e2841c1230cba691e6
SHA5126394ddabc7ad03895ecddb9943371935e0a2320e933b380a563eaf03d1a039c7180aee763834170c85485416b1af38b55c1dafff7311b25513369b01dce22598
-
Filesize
897KB
MD516f8a4945f5bdd5c1c6c73541e1ebec3
SHA14342762c43f54c4caafaae40f933599a9bb93cb5
SHA256636f8f865f23f2d47b73f3c16622e10b46437bbf7c89b0a2f70bae6129ab046a
SHA51204115c425c3015ee4355cde2a6e5e28ec24745ea77761a40c0986b54dc14bc67cb142986988d79df87e75ea54d21ded9384842e01cf0714b84f7378e6a13400d
-
Filesize
114KB
MD536946182df277e84a313c3811adac855
SHA1bcd21305861e22878271e37604b7b033ec347eb3
SHA2568507a4662220eca49d7d511183be801cd394f13dc0e9898c55361020fe9a4720
SHA51280b1e947b1940dccfe5be8a1ba1e8c1d9eacb122d73724a21233164f5b318fa57c249256f621f0f9c1e6a9e4c902eec58827bb899e20f2990f4ade1d685f1abd
-
Filesize
272KB
MD5715c534060757613f0286e1012e0c34a
SHA18bf44c4d87b24589c6f08846173015407170b75d
SHA256f7ad2bbbeb43f166bbbf986bdb2b08c462603c240c605f1c6a7749c643dff3fe
SHA512fcaec0c107a8703a8263ce5ccc64c2f5bfc01628756b2319fde21b0842652fbeee04c9f8f6d93f7200412d9bd9fad01494bc902501fb92e7d6b319f8d9db78d7
-
Filesize
4.3MB
MD55a057f600097db9b92c5fe56250952d9
SHA15995176681720e2342ddf55962dd0a800d27c249
SHA2568cf7958a99ba69b8311205081d8316f059714ca27f0c0d39dcfd09c897720d05
SHA512e18aa72653371fb3f334bd03cac5cffdf9c0e7607947f99e8a27948655ab8033418ebde458bd58f8b4b58cc7c0e8a965d3523262d931aefeae71b71bd4ad20a4
-
Filesize
3.0MB
MD593f3965aeb0f8a8a909fe77d3ab8642a
SHA1bfed0cd62d4afd908d72bca9f0ef6d93acb61292
SHA256af02f4b4162548dfec5174153c263a625d4cc513c3e1d5d8ddfe934371b4e6ab
SHA5124f57ed32d13d8e71e6832129f229b02db371170de201d3ccf7b4c6f7a4314b5be0d1a6ce9e3b85d858eada1bc9ed66414697d7339285410a5af34113f78ff779
-
Filesize
3.3MB
MD562f75260e933c5810b35b65a23e3eb41
SHA14cfcf7e71d66b841c4ab7a66c2b2a7ac1aebadf5
SHA2562e324ef875636be14077d765d72c247e9ab537a754f1ed6045f7cc9d131024c9
SHA5123bc076f8f0c583a6d744a7910380bf8c06ac005ec9df74e8c51268e4a6a00451ad65442042ab8dbd67da53eff13081a215f6a81be6a9603174b6329735cc7ecd
-
Filesize
189B
MD59dbad5517b46f41dbb0d8780b20ab87e
SHA1ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e
SHA25647e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf
SHA51243825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8
-
Filesize
2.1MB
MD507b8291d047c119ba4766f2018dc8ce9
SHA1e9912c8f85d5623c27b54b250d516846c759e33c
SHA2563dbef6dfb24e8a6493077e4e093fb7f04c47d389e191fcd7b889b923298b9a4e
SHA512b7770d5651c82a23010c571bbc401c619d1afbb6c3ff5ba1ad8b5e1d846b2cfe44f53871d502228603d788de610d9399964b05dcfc349c6d1fb406f21b9825bb
-
Filesize
26KB
MD5ff34978b62d5e0be84a895d9c30f99ae
SHA174dc07a8cccee0ca3bf5cf64320230ca1a37ad85
SHA25680678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc
SHA5127f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28
-
Filesize
62KB
MD500053ff3b5744853b9ebf90af4fdd816
SHA113c0a343f38b1bb21a3d90146ed92736a8166fe6
SHA256c5a119ec89471194b505140fba13001fa05f81c4b4725b80bb63ccb4e1408c1e
SHA512c99fcda5165f8dc7984fb97ce45d00f8b00ca9813b8c591ad86691bd65104bbb86c36b49bb6c638f3b1e9b2642ec9ac830003e894df338acfca2d11296ff9da4
-
Filesize
94KB
MD53452007cab829c2ba196f72b261f7dec
SHA1c5e7cfd490839f2b34252bd26020d7f8961b221b
SHA25618b39777ee45220217459641991ab700bc9253acaf0940cf6e017e9392b43698
SHA512a8b83a8582dfee144925a821d09c40f5730f6337b29446c3bce8b225659bdc57a48778081fa866c092d59b4108c1d992e33f9543ae2b4c7554b8ff27b5332cdf
-
Filesize
695KB
MD5195ffb7167db3219b217c4fd439eedd6
SHA11e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA51256eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
Filesize
25KB
MD5e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA12242627282f9e07e37b274ea36fac2d3cd9c9110
SHA2564f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11
-
Filesize
39KB
MD53ab57a33a6e3a1476695d5a6e856c06a
SHA1dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7
SHA2564aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876
SHA51258dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92
-
Filesize
390B
MD553140e18fb33e7e9a25e13f57a4190aa
SHA1dd72190319ae2b7ddb12a137f50fad2579fcc897
SHA2561cbd08945e5e8612b690e1eb663917cfb4f84f0083bf7d2c2a61f43e6c455e9b
SHA512fb9b0456c7c9d468b14db242659d2cda36f7457f9035628d92538850a509e78116972e9890edc3b69d4379aaafb6da76ff2876b446b6953e14914cdfe7dc7b94
-
Filesize
2.6MB
MD53e3b2a4a40bb0a27ca9bb8dd8896b813
SHA14873a59c0f5f6a02daf8d751768806adef3f3162
SHA25617f8c490e26cb652a5d75be83a62e2376b0070c93c0bfd8c2e5de578380872d3
SHA512bc99be7dbb79f21ab0109e4b82cf7c151db83cf9b0ca548d96fa6577609f099bd935fc23374e405c60af0b6360c5cd89b40a04bc4e4ba4bce50f4eaff8c1aa63
-
Filesize
2.1MB
MD541cffe1e5ea438535fd5c7dafbba6eff
SHA1375bf030808225c16cc64a83e305769abfb9e405
SHA256ca34d5efcad920fbd1ca117137a13f0a7f1e3603ea102ef205f0dc80dc83ba95
SHA512202c4ef008b24197200094021a86dbd973f8f26c660d7607d168f96c718a71bb8376a38b3b563ed7eeda133de61cf77b084ea11f16c35072883dcacbfb1d4407
-
Filesize
682KB
MD5d3e06f624bf92e9d8aecb16da9731c52
SHA1565bdcbfcbfcd206561080c2000d93470417d142
SHA2564ee67f0b0b9ad2898e0d70ddfad3541fbd37520686f9e827a845d1930a590362
SHA512497126af59961054155fbb8c3789d6278a1f5426000342f25f54115429ff024e629783f50f0c5350500007854712b07f7d8174ecfe60d59c4fdd5f3d72dac262
-
Filesize
1.1MB
MD534572fb491298ed95ad592351fb1f172
SHA14590080451f11ff4796d0774de3ff638410abdba
SHA256c4363d6ecfa5770b021ce72cc7d2ab9be56b0ce88075ec051ad1de99b736dbbd
SHA512e0e7deccb26b7df78d6193750bfb9aad575b807424a0a5d124bd944e568c1bb1ae29f584246f753d619081a48d2897815145028ffedd9488e9a8f102cdc67e2f
-
Filesize
1.3MB
MD55b3802f150c42ad6d24674ae78f9d3e8
SHA1428139f0a862128e55e5231798f7c8e2df34a92a
SHA2569f455612e32e5da431c7636773e34bd08dae79403cc8cf5b782b0ea4f1955799
SHA51207afbd49e17d67957c65929ca7bdfe03b33b299c66c48aa738262da480ed945712d891be83d35bd42833d5465ef60e09c7a5956df0a369ec92d3bc2d25a09007
-
Filesize
2.4MB
MD5d4eed9e3879a2b5ba888efa4023e8e90
SHA1c63da81ae517bf3d0610b235e5bc7e5c764bd97d
SHA25673b908293ec7620d02dc1c412b99fbdbb28aa74be7939739d260483db6622c2e
SHA512a1ce1a6f11f0d9621a92de5d74ca4b84ea5e64a3ad2544a1f486caa29d4b1465b1e34592a30efd8de105e8a2a5ce5fbcc4f9e97028d6503b9b20fcfc666b607b
-
Filesize
2.1MB
MD5571dbe6719b760601eebde5f7fef7b35
SHA16bad3a805c2522add9530e1461ab3412743c1be5
SHA256fcd2c9ddca34efef880e67dbadde542d3cef9751e43332e1b4faff44386c59d6
SHA512bbdee211799e770cbbc2afbb85a1154005214c883c5fb0ef5f688aafc8f1985196a1c044af1ddbe564573339c6babc0673e76984dc796ac77f8c3e1378ac955e
-
Filesize
2.1MB
MD5957b8ac6f462f2ecd99f4b232564528c
SHA1520b2615ce045f1cce4d96a08c7c555200093218
SHA2569bb61d7828ed2c3fe8af11b7822279f867766300b78b29852dc1d3e0c1241dd1
SHA512815c04cd7467dfe154a2130905e15a3aa128b8fe8785565a2be807f7b6ddfcbd99ecd4e7fd55a24074da0400c3ffbfef287293fe36008b5d3d2a9f1defbeacc8
-
Filesize
1.4MB
MD5cb72bef6ce55aa7c9e3a09bd105dca33
SHA1d48336e1c8215ccf71a758f2ff7e5913342ea229
SHA25647ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893
SHA512c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0
-
Filesize
2.1MB
MD5c4c404d9456b663d70d97c3e26c96291
SHA17f2266c66064be50f2b5fa501303e9788413d73a
SHA256ca4a6f8aaab7e6442baa0c31aff3fb13435638f17061bcefb63be517d0e24361
SHA512cafc81354441c113907d9cc8bdf14f5b5ced89f9d0071d6412a22490cb7d8084d7c648a22246417d8d69d1102741faf2e0733142eb8732fa9629e55eb1a5e82f
-
Filesize
459KB
MD5ce2c45983f63a6cf0cddce68778124e9
SHA16553dc5b4bc68dcb1e9628a718be9c5b481a6677
SHA2569ca8840bbb5f587848e66d08d36cb5eb30c1c448ef49ce504961ff4ac810c605
SHA512df81a3356168e78d9810f5e87ca86eb4f56e5f0cb6afdb13408b50778a2d8b18c70b02c6348cd7ba59609ab2956d28eed324706eb65d04bce1159a2d8f1e0e8f
-
Filesize
2.4MB
MD5da36f3c6d72765b55f83593817c66d12
SHA18dcb7d1d4555b31c1e28a4fc9692f8eb7d4b449a
SHA2565d2e9288c38f416888e357b6e2be659cb941c04deed1d74f3464c08f887dd4b1
SHA512537ea2903d035c6f9b3505a55d710664f55c4298b001648945049848a72a96e542d3dc0e630eb2ec3af0912eaf2607509eef124086812780576eabc0a3c68972
-
Filesize
2.1MB
MD5ec6d7a31ff4b955818ac67c45a746d65
SHA1b9c5e649780b93d3ec5a4ed3811d8e044392e570
SHA256b1cb1df27718e91752cb56cf964e53273f5276bcc70a2e5de7d3c39cd7119931
SHA51219ae55b6dca306e2717567559701b124b34084b3d9842442a967e9b805c31944e9638a0a312822a6d3843d564adcbd89a544dfc9fd701242bc2f1bff9209487d
-
Filesize
455KB
MD5a8d060aa17ed42b6b2c4a9fcbab8a7e1
SHA116e4e544eca024f8b5a70b4f3ca339a7a0a51ebf
SHA25655e4ae861aa1cacb09db070a4be0e9dd9a24d2d45e4168824364307120a906b2
SHA5128f3820e3c5aca560344a253d068936bdb797d07eb22711020d287a949c97d7a98879ff9ff5a4fb2f3fe804bf502300b6f4c92918d973bef351d587483bc43723
-
Filesize
2.1MB
MD52d5bea728d874feb4259df3fe56d83c0
SHA1bbadc27a708670d6e371a3ba0b9420698eb6e606
SHA2567b3b569afff2042d9a9da748d4be2f99a17f3e865bab14bda0f3abf0fff99b21
SHA512850090edd0cacd320af80d649dd00a98c53cc6d2354d981faf78b25b4fbd15a8a6fe86ac238c8a09c36644230ace3beb56a41d043d7b7c743a9d83bcfabc6419
-
Filesize
672KB
MD512c20b1ea7dccafb8250e13e46bc9914
SHA16ed3625dffea1ad3e1aceae4c55caaf195fd7c18
SHA2565591258720aed178de57b4e61eb59b2c4af2566caa1d18a7157cf8d0feca11d7
SHA512e520e67eba1dcf236a0daf43ec57182821b1e9142592ef471c724caf74292ed85291bd3b84fef6107ee2c258f93ea4fff2df18485537d73ddfd973b863c76727
-
Filesize
2.4MB
MD5d2653270c9150d8025cd4915e0aa0675
SHA1395815e4e7fe36b6cf91ebf9622a6e4e5e622b2d
SHA256c21d2acc27eb26ead75538d73446c843c2b48b70548cd6ea60ac8b914d0e0f94
SHA5124b2852842e14ec83e69fae1c7de00ad006eb54808ffd6e7bcc5a364ac4ee04a937d120db8a2e067e3bdd1ea1242e3503e498b5d984bddf53b58ccd70afee14cf
-
Filesize
1.9MB
MD5ab4015c407f5cfdab4beb87865f86c35
SHA17586326a529d8aa547e2749400a5e658be761158
SHA25650e322c7ed6958ed1e3ff7d581133797b02fa012644c462b85b43936f46c48f0
SHA5128b2043ea4df79a4de4e5e0caf8d0a0d081b582d0a836aa47f7ba82b4ff98c52fa6cf055381d25b5bbf16b7e1799740e66235acc096787ad78d0935165e3ac4f2
-
Filesize
24KB
-
Filesize
1.1MB
-
Filesize
80KB
-
Filesize
1.0MB
-
Filesize
224KB
-
Filesize
56KB
-
Filesize
296KB
-
Filesize
64KB
-
Filesize
112KB
-
Filesize
40KB
-
Filesize
32KB
-
Filesize
136KB
-
Filesize
16.0MB
-
Filesize
128KB
-
Filesize
8KB
-
Filesize
40KB
-
Filesize
40KB
-
Filesize
72KB
-
Filesize
920KB
-
Filesize
280KB
-
Filesize
144KB
-
Filesize
712KB
-
Filesize
17.3MB
-
Filesize
1.8MB
-
Filesize
7.7MB
-
Filesize
1.0MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
1.5MB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
840KB
-
Filesize
7.7MB
-
Filesize
1.1MB
-
Filesize
40KB
-
Filesize
280KB
-
Filesize
72KB
-
Filesize
5.6MB
-
Filesize
32KB
-
Filesize
56KB
-
Filesize
224KB
-
Filesize
7.7MB
-
Filesize
128KB
-
Filesize
584KB
-
Filesize
4KB