Overview

overview

7

Static

static

3

Release.zip

windows10-2004-x64

1

BetterFold...er.dll

windows10-2004-x64

1

CeleryApp.exe

windows10-2004-x64

1

CeleryIn.dll

windows10-2004-x64

1

CeleryInject.exe

windows10-2004-x64

1

CeleryLaun...g.json

windows10-2004-x64

3

CeleryLogo.ico

windows10-2004-x64

3

CeleryLogo.png

windows10-2004-x64

3

CeleryScript.bin

windows10-2004-x64

3

Costura.dll

windows10-2004-x64

1

Dragablz.dll

windows10-2004-x64

1

MaterialDe...rs.dll

windows10-2004-x64

1

MaterialDe...ns.dll

windows10-2004-x64

1

Microsoft....re.dll

windows10-2004-x64

1

Microsoft....ms.dll

windows10-2004-x64

1

Microsoft....pf.dll

windows10-2004-x64

1

Microsoft....rs.dll

windows10-2004-x64

1

System.Dia...ce.dll

windows10-2004-x64

1

bin/Monaco/index.html

windows10-2004-x64

5

bin/Monaco...on.ttf

windows10-2004-x64

7

bin/Monaco...ain.js

windows10-2004-x64

3

bin/Monaco...tes.js

windows10-2004-x64

3

bin/Monaco...ase.js

windows10-2004-x64

3

bin/Monaco...ses.js

windows10-2004-x64

3

bin/Monaco...del.js

windows10-2004-x64

3

bin/Monaco...num.js

windows10-2004-x64

3

bin/Monaco...tem.js

windows10-2004-x64

3

bin/Monaco...ums.js

windows10-2004-x64

3

bin/Monaco...nce.js

windows10-2004-x64

3

bin/Monaco...del.js

windows10-2004-x64

3

bin/Monaco...in.css

windows10-2004-x64

7

settings

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/08/2024, 10:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/Monaco/vs/editor/editor.main.css

  • Size

    68KB

  • MD5

    deb0a19013648d19143c4e9981c87f02

  • SHA1

    0f4f223bae72cbec3f87be273223c11e0a6672e5

  • SHA256

    85b305d49bae83ae9fb7d5d1c84d93989e3dc252db38a7dc07b7d349902a89ce

  • SHA512

    456380613f3c73abe04b90f2fb5aa436bccdeb63e206cc63f6301bca85b241b363955d8fb574687c1182cd0a4efc82a9391961b99985f4a8b9483b42ccbeeb42

  • SSDEEP

    1536:8M3/S2lRD4PfPuPjPAPdjNZBmBkHE0akfPZP/PyM:J8NZBmBkHE0akP

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\bin\Monaco\vs\editor\editor.main.css
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3584
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\bin\Monaco\vs\editor\editor.main.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads