Overview

overview

10

Static

static

10

celerysetup.exe

windows7-x64

7

celerysetup.exe

windows10-2004-x64

8

Resubmissions

06-10-2024 21:14

241006-z3jrvszhka 10

06-10-2024 21:12

241006-z2bd4awdlj 10

Analysis

  • max time kernel
    15s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-10-2024 21:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    celerysetup.exe

  • Size

    7.6MB

  • MD5

    bcc4c5c4f3e9d8e5c12a4b156766f117

  • SHA1

    f85e013c8bbad32e8f54f99382b80f71adb79130

  • SHA256

    4dbf6c6b281c6841b734e685cfa02d0eca8470e6470193baff6458deff269a99

  • SHA512

    6e7dafce0fa29f65753e8932a24fbe44c1caa498730ffed6dd9649395bf0db33fffecb404a6a92e9f26d65df57d9ed58aa86d533b462f0035b600e12daafddc0

  • SSDEEP

    196608:k3+sxfkRrLvjurErvI9pWjgU1DEzx7sKL/s1tekAW5kCU79aUXgH:yXxfezurEUWjhEhn01tjer0Kc

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\celerysetup.exe
    "C:\Users\Admin\AppData\Local\Temp\celerysetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Users\Admin\AppData\Local\Temp\celerysetup.exe
      "C:\Users\Admin\AppData\Local\Temp\celerysetup.exe"
      2⤵
      • Loads dropped DLL
      PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22442\python312.dll
    Filesize

    1.8MB

    MD5

    cbd02b4c0cf69e5609c77dfd13fba7c4

    SHA1

    a3c8f6bfd7ffe0783157e41538b3955519f1e695

    SHA256

    ecef0ed97c7b249af3c56cde0bfcae70f66530d716b48b5d94621c3dba8236b5

    SHA512

    a3760ecaa9736eb24370a0a20dd22a1ee53b3f8002195947bc7d21b239278ec8e26bcc131d0132c530767d1de59954be7946dcf54fcbf2584052c9d9a5615567

    Download Submit

  • memory/2556-23-0x000007FEF5ED0000-0x000007FEF65A9000-memory.dmp

    Filesize

    6.8MB

    Download