Analysis
- max time kernel: 16s
- max time network: 9s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 23-12-2024 22:21

Behavioral task: behavioral1
- Sample: CelexLoader.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: CelexLoader.exe
- Resource: win10v2004-20241007-en
General
- Target: CelexLoader.exe
- Size: 7.2MB
- MD5: dd4f0038024db63ed77592f48b6ce1c8
- SHA1: 8f916dbf805c484fad877599028411484ef8bd58
- SHA256: d647efceb6ede893bff7d814566986d52aaaf642f4670263d9486d4f2bd301b0
- SHA512: 75b976952bfd9615f5f7054617c0925ac374d53dae8dddc25396cbc2804913bc34d2b270afd9ff5d448328d13b4a6627a869eddc4c5c0fe88d4b79a02d37901b
- SSDEEP: 196608:DzFP2L3eN/FJMIDJf0gsAGKJAvCQbKRJnAK7HuV+:0E/Fqyf0gsAAaQbKVAKd
Malware Config
Signatures
-
- Loads dropped DLL (10 IoCs)
  pid    Process
  3036   CelexLoader.exe
  (the report records ten DLL-load events, all attributed to pid 3036)
- UPX yara match (1 IoC)
  resource                                       yara_rule
  behavioral1/files/0x0005000000019d2d-82.dat    upx
  (the rule "upx" matched this file written during the behavioral1 run, i.e. the sandbox flagged a dropped file as UPX-packed)
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process           procid_target
  PID 2052 wrote to memory of 3036    2052   CelexLoader.exe   28
  PID 2052 wrote to memory of 3036    2052   CelexLoader.exe   28
  PID 2052 wrote to memory of 3036    2052   CelexLoader.exe   28
  (all three writes go from the first CelexLoader.exe instance, pid 2052, into its child copy of the same image, pid 3036; see the process tree below)
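The yara hit above flags a dropped file as UPX-packed. The sandbox's rule body is not shown on the page, so the following Python is an added example, not the sandbox's rule and not code from the sample: it walks a PE's section table and applies two common UPX heuristics (section names starting with "UPX", and the "UPX!" pack-header magic). The PE bytes it builds are a constructed fixture, not the 82.dat file from the report, and a miss is not proof that a file is unpacked, since packers and post-processing tools can rename sections and patch the magic.

```python
"""Heuristic UPX screening on a PE section table.

Added example; not the sandbox's yara rule (the rule body is not shown on the
page) and not code from the sample. It applies two common UPX heuristics:
section names beginning with "UPX" (UPX0/UPX1/UPX2) and the "UPX!" pack-header
magic. Packers and post-processing tools can rename sections and patch the
magic, so a miss is not proof of an unpacked file. The PE bytes built here are
a constructed fixture, not the dropped file from the report.
"""
import struct

# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_HEADER_FMT = "<HHIIIHH"
SECTION_HEADER_SIZE = 40


def build_minimal_pe(section_names):
    """Constructed fixture: DOS stub, PE signature, COFF header, zeroed PE32
    optional header and a section table carrying only the given names."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional_header = b"\x00" * 224            # PE32 optional header size
    coff = struct.pack(COFF_HEADER_FMT, 0x014C, len(section_names), 0, 0, 0,
                       len(optional_header), 0x0102)
    table = b"".join(
        name.encode("ascii").ljust(8, b"\x00") + b"\x00" * (SECTION_HEADER_SIZE - 8)
        for name in section_names
    )
    return dos_header + b"PE\x00\x00" + coff + optional_header + table


def pe_section_names(data):
    """Walk the PE headers and return the section names in table order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    fields = struct.unpack_from(COFF_HEADER_FMT, data, e_lfanew + 4)
    nsections, opt_size = fields[1], fields[5]
    table = e_lfanew + 4 + struct.calcsize(COFF_HEADER_FMT) + opt_size
    names = []
    for i in range(nsections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\x00").decode("ascii", errors="replace"))
    return names


def upx_evidence(data):
    """Return the individual indicators so an analyst can see why a file matched."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
    }


def looks_upx_packed(data):
    ev = upx_evidence(data)
    return bool(ev["upx_sections"]) or ev["upx_magic"]


if __name__ == "__main__":
    sample = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print(pe_section_names(sample), upx_evidence(sample), looks_upx_packed(sample))
```

To run it against a real dropped file, read the file as bytes and pass them to `upx_evidence`; the separate indicators are more useful to an analyst than the single boolean, because a file with renamed sections but an intact "UPX!" magic (or the reverse) is exactly the case worth a second look.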
Processes
- C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe (PID 2052, depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe (PID 3036, depth 2, child of 2052)
    command line: "C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe"
    - Loads dropped DLL
- C:\Windows\explorer.exe (PID 2844, depth 1)
  command line: "C:\Windows\explorer.exe"
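The WriteProcessMemory rows and the process tree together describe one pattern: the first CelexLoader.exe instance (2052) launches a second copy of the same image (3036), writes into that child's memory three times, and the child then loads dropped DLLs. The Python below is an added example, not the sandbox's signature code and not code from the sample; it reconstructs that correlation as detection logic over process-launch, memory-write and DLL-load events. The event records are constructed from the report's rows, the field names are assumptions, and the dropped-DLL path is a hypothetical placeholder because the report gives a count of ten loads but does not name the DLLs.

```python
"""Correlate process-launch, WriteProcessMemory and DLL-load events into findings.

Added example; not the sandbox's own signature code and not code from the
sample. Records are constructed from the report's rows; the field names are
assumptions. The dropped-DLL path is a hypothetical placeholder because the
report records ten load events for pid 3036 without naming the DLLs.
"""

# Constructed from the report's process tree: pid, parent pid, image path
PROCESSES = [
    {"pid": 2052, "ppid": None, "image": r"C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe"},
    {"pid": 3036, "ppid": 2052, "image": r"C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe"},
    {"pid": 2844, "ppid": None, "image": r"C:\Windows\explorer.exe"},
]

# Constructed from the three WriteProcessMemory rows (all 2052 -> 3036)
WPM_EVENTS = [{"pid": 2052, "target": 3036}] * 3

# Hypothetical placeholder: the report counts ten "Loads dropped DLL" events
# for pid 3036 but does not name the DLLs, so one invented path stands in.
DROPPED_FILES = {r"C:\Users\Admin\AppData\Local\Temp\dropped.dll"}
DLL_LOADS = [{"pid": 3036, "path": r"C:\Users\Admin\AppData\Local\Temp\dropped.dll"}] * 10


def self_spawn_with_memory_write(processes, wpm_events):
    """Flag a parent that writes into the memory of a child running the same image.

    Returns one finding per (parent, child) pair with the number of writes seen.
    """
    by_pid = {p["pid"]: p for p in processes}
    counts = {}
    for ev in wpm_events:
        src, dst = ev["pid"], ev["target"]
        if src == dst:
            continue                      # a write to self is not cross-process
        parent, child = by_pid.get(src), by_pid.get(dst)
        if parent is None or child is None:
            continue                      # unknown pid: nothing to correlate
        if child["ppid"] != src:
            continue                      # this rule only covers parent -> child writes
        if child["image"].lower() != parent["image"].lower():
            continue                      # the pattern here is a same-image self-spawn
        counts[(src, dst)] = counts.get((src, dst), 0) + 1
    return [
        {"parent": src, "child": dst, "image": by_pid[src]["image"], "writes": n}
        for (src, dst), n in sorted(counts.items())
    ]


def loads_of_dropped_dlls(dll_loads, dropped_files):
    """Return (pid, count) pairs for processes that load DLLs created during the run."""
    dropped = {p.lower() for p in dropped_files}
    per_pid = {}
    for ev in dll_loads:
        if ev["path"].lower() in dropped:
            per_pid[ev["pid"]] = per_pid.get(ev["pid"], 0) + 1
    return sorted(per_pid.items())


def summarize(processes=PROCESSES, wpm_events=WPM_EVENTS,
              dll_loads=DLL_LOADS, dropped=DROPPED_FILES):
    """Combine both rules into report-style signature hits."""
    return {
        "self_spawn_memory_write": self_spawn_with_memory_write(processes, wpm_events),
        "loads_dropped_dll": loads_of_dropped_dlls(dll_loads, dropped),
    }


if __name__ == "__main__":
    for name, hits in summarize().items():
        print(name, hits)
```

The parent/child and same-image checks are what separate this from a generic WriteProcessMemory alert: a debugger or an installer writing into an unrelated process would not match, while a loader staging code in a fresh copy of itself (the shape the tree shows) does. Run against the constructed records it reports one self-spawn finding with three writes and ten dropped-DLL loads by pid 3036.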
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.4MB
  MD5: 178a0f45fde7db40c238f1340a0c0ec0
  SHA1: dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe
  SHA256: 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed
  SHA512: 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee
- Filesize: 1.3MB
  MD5: aeb9f4f32fc753609015fe77d3a6b4aa
  SHA1: 7cacca4fd3030461bc5d9bab0921a2b710a5b37b
  SHA256: 897e24e229b482085b8ae0d5c95d5fe52b2a056a0eadbc91a1d175d94d859494
  SHA512: f803357691ae4cbb9d3993fe82afca3290e5e72a13fd71d5564187d820356f7651904057b3ecbc42bfb36a51730ece3a356316f4631fbeeb5f6a149fe02aa56b
- Filesize: 31KB
  MD5: 0efaa75c33588f1da2a17982503f728b
  SHA1: 688c9b217fa07b2125c27261bb074a83d280ad01
  SHA256: d648efca4d3a3b38fe2c90f9132ba80f70c54f70ae21d58d94122dc6cd8049be
  SHA512: b2c7bde084f5bb6f944c4deaf87554fdde04f0251eca0949059cfe9d64db4f8cb33e80c1a76394a4f5ebb444af224f10d29ad0d71639aca82392f385059c0628
- Filesize: 31KB
  MD5: d65a7d48917288113cd327176b50b228
  SHA1: fedc113de093a942ef6beb24c25a3d969d90cd04
  SHA256: 0c8a0a36f95eef832954b524681efe7047a5369ed6b30bbe88bdc7f642a4c58f
  SHA512: 33c7e99ddee8cf0487734dc26483a6f25eaff6a15628a51f9e97d6db921038dba757464825f8d1f533fe8188c08bfac6ecdd5f3d8f4ae682cba0765c57b03ff4
- Filesize: 31KB
  MD5: 1bb7d9ada040376ff3a2000d04c2a07d
  SHA1: 2fb5d03398e8bf688a9fbdae8392a79baa4eac4a
  SHA256: e3ccea54268b466e2faa54c76db86557d5832b5950d41ac952bee7b9fb126a72
  SHA512: 1c3162d5381e605f9a7ff318510af4d498bb1966490ea2e1baa96471fc950a2923f8b1701b605d6fdb9369aae37c753af4dd712f186516afdad2ef617e4a5d87
- Filesize: 31KB
  MD5: ae4454ac5a697362e472cf4da87b57dd
  SHA1: 3f35b9e3c7b25fdf754b611080b8cfb53b6a6dd2
  SHA256: 87bf058788b21b7e04e143d77e507829b54f26322d88831728e998d1ed288f45
  SHA512: 76ef156100ef29ceed5fe0e387afcd4bab2bbf0602c9c8ad51d85ed637ccb1ecab2f8e671e8d29293da23c39c3d94c8be40160482805372635100c2b85f3974e
- Filesize: 31KB
  MD5: af74b88d2bfdb39e43f7086e4325382d
  SHA1: 28f8347fde2299cb8045c9489034cb74b73b90f6
  SHA256: 6e1f717c51ae02dc24b04e812f8982da30ce15e3e7d3218db4634fe41a881e07
  SHA512: b538b1476a3c928c15cdb7f490d56d822f33d85e997e3352649ca78d2b676a3b68d50e972bc7be70391d51a2764403eb7f92c6303fb50804536fbac3ccc57b65
- Filesize: 31KB
  MD5: c7d64d8127e8bc73f9f3b65bb25c7423
  SHA1: c547a7bd30cde4b1a7821472eb847eedf430dfcb
  SHA256: 8fa9ec5d5d0eba3df0461fcca609fadabb9a04ce24fded6d51e13533fb6af1d0
  SHA512: a66a668add4a22df6e4e9bc0d5c02632235fab565c3706d99ec5a4680e1b8e9b55045c5a1bf4071627e16cd18d2c3279f4eb88716b2e392f5411fe55ee06eaca
- Filesize: 31KB
  MD5: 042887a3fbe42e6c6f3773c0da49e821
  SHA1: 3e4da0a726c5f6d478b7ffd0bc1806210c03e4bb
  SHA256: dc68e526a77a3b6b2586fb8d53594713f025f9efd3a8a91b6d4144a4289fca9f
  SHA512: bb7bacd05133699cad534be43d45f887987912be2fc09618d0f8d98e05f6622b6da9cd6bac539ef54370e4bbca38c8249eb862d554aa82daf4563ed4d91af6ed
- Filesize: 31KB
  MD5: d515f36661ef228e59355a9cca480e65
  SHA1: 5f1322c2500a21bffabe6e2e4f4d68310d1807ca
  SHA256: e7ff5a47931fb3766393b80ffafd228fd1fc8a5a9808a73aaea183422723c489
  SHA512: 9e53518b1391b1434632846b6870c16249b12534dc5ed1df9422a5f2c3754abcbbecd04ac187ac36fb98b006e5b629a79fb6d630fb175baa4c5ee3afbe735e35