Analysis
-
max time kernel
74s -
max time network
76s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
05-08-2024 19:10
General
-
Target
Celisor.exe
-
Size
1.9MB
-
MD5
3752de1ba87ce393a3023648e30a2de5
-
SHA1
034c5eda4491b5d4fd0335919c45a7758366ed96
-
SHA256
6cefb5f6702bbffbc4a9bbd138868aecd94f879f85dc68bdc2805b1e494f3bb6
-
SHA512
40bfc682243a11fa165aa1568dabe81daf72b1b352050648806a894eee22c9f7b9a42a123baf67f0caa6d91a3e2198d1581d0592d836df931db516b79181381f
-
SSDEEP
24576:EsroGHhFw2fcdWOiZwN2lujg8z48dYrKbrc8Dxl08KMyElk1C45n33GsWcrViE3D:rGJ+84V9RDiW4GYI
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Celisor.exe"C:\Users\Admin\AppData\Local\Temp\Celisor.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4rsAAemKtQ2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb016e3cb8,0x7ffb016e3cc8,0x7ffb016e3cd83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1972 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4756 /prefetch:83⤵
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,578942762333842044,3046498404595132369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:13⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F01⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59828ffacf3deee7f4c1300366ec22fab
SHA19aff54b57502b0fc2be1b0b4b3380256fb785602
SHA256a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7
SHA5122e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d
-
Filesize
152B
MD56fdbe80e9fe20761b59e8f32398f4b14
SHA1049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f
SHA256b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942
SHA512cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234
-
Filesize
2KB
MD5dcafcd07fddcb7a64ed82de02c4ed383
SHA1dead51f5000a7beeca565017d583653039ab7394
SHA256bf8d14bceaf1218e8d6684af34c6e65efdd38e56e46e1148b59c0f8ca487d267
SHA5122c9680e8b7e4078bae7aa08107abe16c283a1f98e56a469de1aebe59ab3d4f9ae45fe1c1fb04c8e03203dee366026d548b51949e643ba4c02b8a5802ef6b7bb6
-
Filesize
456B
MD53ce79852f0ce072dab769d3ee739a358
SHA1679b8f2b5dff993fc852de98b6b020fe80a615b7
SHA256aadc86e23c7504bea62a0833f805e8dad4af72fbcdd70f9d258a2299aa528741
SHA51202c471970e0053dcc08f5cd33769bc5711cb51426fea61e46464ae006e5a22763c5ea0306922b57f0dd7b83b8819b85e4f780bbcf785480a5e5d9fd484b797ef
-
Filesize
729B
MD5e91bb438f7798581748353c11363124a
SHA126c425bf5d8b471f07c59b1ce7be9f6759a578e7
SHA25604c45f8899d54f69c45fd0b826ce429948f3df6d646aed4227b2abda2d26305c
SHA5128e5d1e418e8881e1bb2ac5b6d886f4e2ef80b63a2bc8d3e7a6e75c3faae9664d4167b2f1c265a7da711e3806ae7d51ab0780130c4e5f1f9eaab3d15f8ac5d674
-
Filesize
836B
MD583df2ffe06ea18d59c2b320163edb7aa
SHA1ce1c30d369142def98ade9e85217a97b3aa797f7
SHA25664702072dc6f328dd87d452ad15279bfbc5eb419a5befb622c233cd2d3fa18e8
SHA5129486e949b22f580f51a3ccc86e9599488ef78f66bcab27a47adabfb790da958f60e947afd61804a83d879a762b407d8d580b2b05263ad840b4e97e5f155cf692
-
Filesize
5KB
MD582c011fa8b80cb1d31c069c11b6daa22
SHA1174bfc05153990ece8957a3075c634a56ebe3a45
SHA25615e1ae111310b63e69f117708e6f1700d03af71cb364dd8df93860b8cb1cfc76
SHA51243cb3174059a687ad218a3bab2154eb358d415917ae8e78a6e48fe9cac4c172cf3665281fb6c9244d1627924ea72e28b72518dff6a4f5b79fb4011f653ea013b
-
Filesize
6KB
MD576c902723a0599b7e3a6f1203cc5fea2
SHA12bcba177c48310adcb6f992a0f501627008e2d45
SHA2561a825bf23595152a00db212c2a6b99e7749f68d8361b355a7c4f045435d79274
SHA512fde63563f89cea52e84d15d118681dc5dc1eda16b47af97eec8170b93994327795d7bf5fd7ea99be9cd22493c2857c5d1d88cff233b5e31878d6a978d40d1f18
-
Filesize
6KB
MD555a275088bf35a4dc42755f8f0956ca3
SHA160f609d8d49f75edbccd500585eeec613297a608
SHA2567b5d640439795684a7b99494d788bb69717ea4e5f8041b066c7be62c3546d26a
SHA512501beb90de3ebcbdb7ceba42d4dee4d3f51c14d421dcb429a3529d47d05418e9e1a7e525014df96ef4cb312aea226a795475c1d74293a5328480f33bd8ec7639
-
Filesize
6KB
MD5c2c62474ed7b0100f7ee039b5a890edc
SHA1a2c9dc3490e4625c06c5e74b469cad3831cf35d6
SHA256b4baad9e7e68c956734027a550b15d3a72b06426108da78e66aab82fc61e928b
SHA5123cf6f7341f48138c9d8addf5f8d853c1c4a3d4d10c1a7aad63d5ea41b33b244ec716505f89fe79801a8eafd69bf91f234b1556331f5a193322a3150548b3875e
-
Filesize
6KB
MD5feaf6ad43f00fd37f9c7eaac08d1e331
SHA1c6440ffbe17169c57410d8e78063162a765999d3
SHA2568e792592164eee58099e20822afc2922e718a07378e7f9fa3997748506bde713
SHA5129c91a132293f256a83b9d92d38631cd365a46d00e6f0b2f81882927e902e42162e4aedcd4b6fc2f94d8662daefd18a359f9f4875c33a6b7ac4aa5dff7b1c3ce7
-
Filesize
1KB
MD5984b42240eda2da4fa2fd36ae4293033
SHA19638f7cf7b31c54275a19c8a73bcdad659625e18
SHA25666506f113162b0d3499c433ba0ee790cbbc7810c62aae33f825e718d471f12d9
SHA512875c99f5cd9fb2694369823ebd7f7d39c7b803688b49c622d4dc7722164378f782d75a5825cba8df79fda755d5ae6beeac03dceab96226f03fee4a9b7fcff01f
-
Filesize
1KB
MD53e4c78b239ccde52b7de5738776c0c97
SHA133080ac8dd18b028a5ef1aad27bb4a8a3b231cbc
SHA256181acc038fb48511e9d77e364f9073a1256c08c05d72c5681e2b9de1bf3ef192
SHA512065e82f1572282ab838fa107c1be3b58eb11df02ece60075f8c7c7b52aad8c27811446343966881e22ce270ffce13dda85ce28c3a95ea9bec5ac3575ab40e73e
-
Filesize
370B
MD5b78be4d386b49fc811072092ad5bfe87
SHA1c6ae27df6d38bf8961f3b1b7290a470087e65678
SHA2561d5a8e31d5429b7f06ada690015eb9b71fc91fca19f3499185e83991c171e7a1
SHA512c165fa964a8fd5870150b7404f1d2b3408a385531e66ca43d688f863ab4c7485b93914391573f9289c704134ad9b7d4701bb8b7d508ffae51e9e20d51d405181
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5355bc662f0592b8a0db46b35f0f91d19
SHA1b1ef97413aa4b9e8555b8b2060f157fcaaff6c00
SHA2560edf7a8ab86202db28cab13cc9d938b57391658c29b30a4228cd5a54b4bc2023
SHA512c3194de07a758b070b864c2da99ab2d726991f2150eeeb09355b1554fc1cf3eb79b53e3fc31c59955cef15846c300d148eecc51a8dd90a449f86059e25cd67ac
-
Filesize
11KB
MD559b044429366b9592417fb33147dbbee
SHA1a6481b4426d0ce925969ddd559c712c750f24637
SHA256a7a14c96ace18e1cb32b36f491a7c1aa1bcbeea561bf6385ea5b61095570bc51
SHA5125399305ce1af99c96f156ad7f5caf6f334d74c03a2493ee95c68228e56dd2d3f476c3791774a876f77277cc8e1ad70e9bacb181109698b6890df9b8ec611c3d6
-
Filesize
11KB
MD584f3b77ec2df9944858838881348cec3
SHA1931fab60276e7fa0cab1e4195457771751dc1ddb
SHA256a51ed31fd0aee3dd29e66ff762fe699fa094e1857586bb388e9d8f31d17ac843
SHA512b819f718b562d332a14c9cf0537fa322c36e57540cc6f44204b8db59fe5f4bc51edf01772d11e34487dc6dacb903d0e4c7f21efa5697a534ed9f42425205e040
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84