Analysis

  • max time kernel
    16s
  • max time network
    9s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-12-2024 22:21

General

  • Target

    CelexLoader.exe

  • Size

    7.2MB

  • MD5

    dd4f0038024db63ed77592f48b6ce1c8

  • SHA1

    8f916dbf805c484fad877599028411484ef8bd58

  • SHA256

    d647efceb6ede893bff7d814566986d52aaaf642f4670263d9486d4f2bd301b0

  • SHA512

    75b976952bfd9615f5f7054617c0925ac374d53dae8dddc25396cbc2804913bc34d2b270afd9ff5d448328d13b4a6627a869eddc4c5c0fe88d4b79a02d37901b

  • SSDEEP

    196608:DzFP2L3eN/FJMIDJf0gsAGKJAvCQbKRJnAK7HuV+:0E/Fqyf0gsAAaQbKVAKd

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe
    "C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe
      "C:\Users\Admin\AppData\Local\Temp\CelexLoader.exe"
      2⤵
      • Loads dropped DLL
      PID:3036
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2844

Network

MITRE ATT&CK Matrix

Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI20522\python310.dll

      Filesize

      1.4MB

      MD5

      178a0f45fde7db40c238f1340a0c0ec0

      SHA1

      dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

      SHA256

      9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

      SHA512

      4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

    • C:\Users\Admin\AppData\Local\Temp\_MEI20522\ucrtbase.dll

      Filesize

      1.3MB

      MD5

      aeb9f4f32fc753609015fe77d3a6b4aa

      SHA1

      7cacca4fd3030461bc5d9bab0921a2b710a5b37b

      SHA256

      897e24e229b482085b8ae0d5c95d5fe52b2a056a0eadbc91a1d175d94d859494

      SHA512

      f803357691ae4cbb9d3993fe82afca3290e5e72a13fd71d5564187d820356f7651904057b3ecbc42bfb36a51730ece3a356316f4631fbeeb5f6a149fe02aa56b

    • \Users\Admin\AppData\Local\Temp\_MEI20522\api-ms-win-core-fibers-l1-1-1.dll

      Filesize

      31KB

      MD5

      0efaa75c33588f1da2a17982503f728b

      SHA1

      688c9b217fa07b2125c27261bb074a83d280ad01

      SHA256

      d648efca4d3a3b38fe2c90f9132ba80f70c54f70ae21d58d94122dc6cd8049be

      SHA512

      b2c7bde084f5bb6f944c4deaf87554fdde04f0251eca0949059cfe9d64db4f8cb33e80c1a76394a4f5ebb444af224f10d29ad0d71639aca82392f385059c0628

    • \Users\Admin\AppData\Local\Temp\_MEI20522\api-ms-win-core-file-l1-2-0.dll

      Filesize

      31KB

      MD5

      d65a7d48917288113cd327176b50b228

      SHA1

      fedc113de093a942ef6beb24c25a3d969d90cd04

      SHA256

      0c8a0a36f95eef832954b524681efe7047a5369ed6b30bbe88bdc7f642a4c58f

      SHA512

      33c7e99ddee8cf0487734dc26483a6f25eaff6a15628a51f9e97d6db921038dba757464825f8d1f533fe8188c08bfac6ecdd5f3d8f4ae682cba0765c57b03ff4

    • \Users\Admin\AppData\Local\Temp\_MEI20522\api-ms-win-core-file-l2-1-0.dll

      Filesize

      31KB

      MD5

      1bb7d9ada040376ff3a2000d04c2a07d

      SHA1

      2fb5d03398e8bf688a9fbdae8392a79baa4eac4a

      SHA256

      e3ccea54268b466e2faa54c76db86557d5832b5950d41ac952bee7b9fb126a72

      SHA512

      1c3162d5381e605f9a7ff318510af4d498bb1966490ea2e1baa96471fc950a2923f8b1701b605d6fdb9369aae37c753af4dd712f186516afdad2ef617e4a5d87

    • \Users\Admin\AppData\Local\Temp\_MEI20522\api-ms-win-core-kernel32-legacy-l1-1-1.dll

      Filesize

      31KB

      MD5

      ae4454ac5a697362e472cf4da87b57dd

      SHA1

      3f35b9e3c7b25fdf754b611080b8cfb53b6a6dd2

      SHA256

      87bf058788b21b7e04e143d77e507829b54f26322d88831728e998d1ed288f45

      SHA512

      76ef156100ef29ceed5fe0e387afcd4bab2bbf0602c9c8ad51d85ed637ccb1ecab2f8e671e8d29293da23c39c3d94c8be40160482805372635100c2b85f3974e

    • \Users\Admin\AppData\Local\Temp\_MEI20522\api-ms-win-core-localization-l1-2-0.dll

      Filesize

      31KB

      MD5

      af74b88d2bfdb39e43f7086e4325382d

      SHA1

      28f8347fde2299cb8045c9489034cb74b73b90f6

      SHA256

      6e1f717c51ae02dc24b04e812f8982da30ce15e3e7d3218db4634fe41a881e07

      SHA512

      b538b1476a3c928c15cdb7f490d56d822f33d85e997e3352649ca78d2b676a3b68d50e972bc7be70391d51a2764403eb7f92c6303fb50804536fbac3ccc57b65

    • \Users\Admin\AppData\Local\Temp\_MEI20522\api-ms-win-core-processthreads-l1-1-1.dll

      Filesize

      31KB

      MD5

      c7d64d8127e8bc73f9f3b65bb25c7423

      SHA1

      c547a7bd30cde4b1a7821472eb847eedf430dfcb

      SHA256

      8fa9ec5d5d0eba3df0461fcca609fadabb9a04ce24fded6d51e13533fb6af1d0

      SHA512

      a66a668add4a22df6e4e9bc0d5c02632235fab565c3706d99ec5a4680e1b8e9b55045c5a1bf4071627e16cd18d2c3279f4eb88716b2e392f5411fe55ee06eaca

    • \Users\Admin\AppData\Local\Temp\_MEI20522\api-ms-win-core-sysinfo-l1-2-0.dll

      Filesize

      31KB

      MD5

      042887a3fbe42e6c6f3773c0da49e821

      SHA1

      3e4da0a726c5f6d478b7ffd0bc1806210c03e4bb

      SHA256

      dc68e526a77a3b6b2586fb8d53594713f025f9efd3a8a91b6d4144a4289fca9f

      SHA512

      bb7bacd05133699cad534be43d45f887987912be2fc09618d0f8d98e05f6622b6da9cd6bac539ef54370e4bbca38c8249eb862d554aa82daf4563ed4d91af6ed

    • \Users\Admin\AppData\Local\Temp\_MEI20522\api-ms-win-core-timezone-l1-1-0.dll

      Filesize

      31KB

      MD5

      d515f36661ef228e59355a9cca480e65

      SHA1

      5f1322c2500a21bffabe6e2e4f4d68310d1807ca

      SHA256

      e7ff5a47931fb3766393b80ffafd228fd1fc8a5a9808a73aaea183422723c489

      SHA512

      9e53518b1391b1434632846b6870c16249b12534dc5ed1df9422a5f2c3754abcbbecd04ac187ac36fb98b006e5b629a79fb6d630fb175baa4c5ee3afbe735e35

    • memory/3036-84-0x000007FEF5A10000-0x000007FEF5E7E000-memory.dmp

      Filesize

      4.4MB