38cc99ed1a4e104d5a7aa4e3f78c557f432902c32b1c118d802d84aa59bfa770

Analysis

max time kernel
104s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Celestial/Celestial.jar
Size

639KB
MD5

335e19f97c6bd6e1edd3e05b577a4b85
SHA1

d764d2645145bd2cb185fe53c3589e634b19b991
SHA256

2806e12d1f19ba55fc572cb9662c1bc6c81a2608c00085a198101e71f1c6c154
SHA512

e25f4f75a375d85a796496877cfce5b27983da4ad577602b1c0dd7593786f20881ac3cdc42c67301d1296e2954ef307eaf6198d0785f047db06f499efa60fef1
SSDEEP

12288:oXrrQn/RFjC9p4V30jSDgm/LR/+d1QNGDYgSB2RvG3ouk2ZkSUVDs7:oXfQ//Cn41zDgmFOQGDlIRou5Z3UVDs7

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1743018055546.tmp"	reg.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2232	java.exe
2232	java.exe
2232	java.exe
2232	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 4824	2232	java.exe	90
PID 2232 wrote to memory of 4824	2232	java.exe	90
PID 2232 wrote to memory of 4944	2232	java.exe	92
PID 2232 wrote to memory of 4944	2232	java.exe	92
PID 4944 wrote to memory of 4708	4944	cmd.exe	94
PID 4944 wrote to memory of 4708	4944	cmd.exe	94

Views/modifies file attributes 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
4824	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Celestial\Celestial.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743018055546.tmp
  2⤵
  - Views/modifies file attributes
  PID:4824
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743018055546.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4944
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743018055546.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\imageio4846876627260093193.tmp

Filesize
28KB

MD5
c270e6940d8591aa6bb199255965c4d3

SHA1
957e3db92331dd0d37fb5e30404aaeef544519e9

SHA256
c9751c46fa5fb74f106403064a5d0f9245e2dd4f37ee6aa72ee721e28227b1fa

SHA512
2018b3db3992e4b4357382ee8f686a0b63ebca5b9fc9438d175e9006638add337b6b34d05759be4fe7b352516d59fe9083a50119c261e204cdd31d99b10682a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio5706442050657544453.tmp

Filesize
28KB

MD5
546e3748dcb4c370dd85c50cb4a5b8a8

SHA1
6b760b7cfd223b64ea6a34561eaad1ddf822794a

SHA256
94d49af64f6fb3d82c2bcdc902e10047e581e26fec6e006a346a931e77fc6a58

SHA512
f6873ef42ab463fbda8f127805d8b7cbe925a39e50300ac16ff3c2be113764525811ecf1cd2ea448723f086c620e42ef0a7d42bc3c4984771122660b93c2a5ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio6140386548251453445.tmp

Filesize
28KB

MD5
54e03e04683e075fd71cb5dba2c04b4a

SHA1
e8002fb04a03680224766367779c85b307ed6393

SHA256
d151362c5d16edd9b386267c6495909368e4ad6809f49c9529c6a51114c4b4d6

SHA512
c256e28fe11b6c9fdb8a00a8910d09599cd64fe86709d2e970bb968b95953af72d3c07bde8eebf91c7d0ed963dd5f82f5e9f8028b63d425df33daf72e1091d85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1743018055546.tmp

Filesize
639KB

MD5
335e19f97c6bd6e1edd3e05b577a4b85

SHA1
d764d2645145bd2cb185fe53c3589e634b19b991

SHA256
2806e12d1f19ba55fc572cb9662c1bc6c81a2608c00085a198101e71f1c6c154

SHA512
e25f4f75a375d85a796496877cfce5b27983da4ad577602b1c0dd7593786f20881ac3cdc42c67301d1296e2954ef307eaf6198d0785f047db06f499efa60fef1

Download Submit
memory/2232-2-0x000001E080000000-0x000001E080270000-memory.dmp

Filesize
2.4MB

Download
memory/2232-15-0x000001E080270000-0x000001E080280000-memory.dmp

Filesize
64KB

Download
memory/2232-17-0x000001E080280000-0x000001E080290000-memory.dmp

Filesize
64KB

Download
memory/2232-19-0x000001E080290000-0x000001E0802A0000-memory.dmp

Filesize
64KB

Download
memory/2232-21-0x000001E0802A0000-0x000001E0802B0000-memory.dmp

Filesize
64KB

Download
memory/2232-24-0x000001E0802B0000-0x000001E0802C0000-memory.dmp

Filesize
64KB

Download
memory/2232-25-0x000001E0802C0000-0x000001E0802D0000-memory.dmp

Filesize
64KB

Download
memory/2232-27-0x000001E0802D0000-0x000001E0802E0000-memory.dmp

Filesize
64KB

Download
memory/2232-29-0x000001E0802E0000-0x000001E0802F0000-memory.dmp

Filesize
64KB

Download
memory/2232-31-0x000001E0F19D0000-0x000001E0F19D1000-memory.dmp

Filesize
4KB

Download
memory/2232-35-0x000001E0802F0000-0x000001E080300000-memory.dmp

Filesize
64KB

Download
memory/2232-40-0x000001E080300000-0x000001E080310000-memory.dmp

Filesize
64KB

Download
memory/2232-39-0x000001E080000000-0x000001E080270000-memory.dmp

Filesize
2.4MB

Download
memory/2232-42-0x000001E080270000-0x000001E080280000-memory.dmp

Filesize
64KB

Download
memory/2232-43-0x000001E080310000-0x000001E080320000-memory.dmp

Filesize
64KB

Download
memory/2232-44-0x000001E0F19D0000-0x000001E0F19D1000-memory.dmp

Filesize
4KB

Download
memory/2232-46-0x000001E080280000-0x000001E080290000-memory.dmp

Filesize
64KB

Download
memory/2232-47-0x000001E080320000-0x000001E080330000-memory.dmp

Filesize
64KB

Download
memory/2232-53-0x000001E080330000-0x000001E080340000-memory.dmp

Filesize
64KB

Download
memory/2232-52-0x000001E080290000-0x000001E0802A0000-memory.dmp

Filesize
64KB

Download
memory/2232-56-0x000001E080340000-0x000001E080350000-memory.dmp

Filesize
64KB

Download
memory/2232-55-0x000001E0802A0000-0x000001E0802B0000-memory.dmp

Filesize
64KB

Download
memory/2232-59-0x000001E0802B0000-0x000001E0802C0000-memory.dmp

Filesize
64KB

Download
memory/2232-60-0x000001E080350000-0x000001E080360000-memory.dmp

Filesize
64KB

Download
memory/2232-62-0x000001E0F19D0000-0x000001E0F19D1000-memory.dmp

Filesize
4KB

Download
memory/2232-63-0x000001E0802C0000-0x000001E0802D0000-memory.dmp

Filesize
64KB

Download
memory/2232-64-0x000001E0802D0000-0x000001E0802E0000-memory.dmp

Filesize
64KB

Download
memory/2232-66-0x000001E0802E0000-0x000001E0802F0000-memory.dmp

Filesize
64KB

Download
memory/2232-68-0x000001E080360000-0x000001E080370000-memory.dmp

Filesize
64KB

Download
memory/2232-67-0x000001E0802F0000-0x000001E080300000-memory.dmp

Filesize
64KB

Download
memory/2232-72-0x000001E080370000-0x000001E080380000-memory.dmp

Filesize
64KB

Download
memory/2232-71-0x000001E080300000-0x000001E080310000-memory.dmp

Filesize
64KB

Download
memory/2232-75-0x000001E080380000-0x000001E080390000-memory.dmp

Filesize
64KB

Download
memory/2232-74-0x000001E080310000-0x000001E080320000-memory.dmp

Filesize
64KB

Download
memory/2232-76-0x000001E0F19D0000-0x000001E0F19D1000-memory.dmp

Filesize
4KB

Download
memory/2232-77-0x000001E080320000-0x000001E080330000-memory.dmp

Filesize
64KB

Download
memory/2232-80-0x000001E080390000-0x000001E0803A0000-memory.dmp

Filesize
64KB

Download
memory/2232-79-0x000001E080330000-0x000001E080340000-memory.dmp

Filesize
64KB

Download
memory/2232-82-0x000001E080340000-0x000001E080350000-memory.dmp

Filesize
64KB

Download
memory/2232-83-0x000001E080350000-0x000001E080360000-memory.dmp

Filesize
64KB

Download
memory/2232-85-0x000001E0F19D0000-0x000001E0F19D1000-memory.dmp

Filesize
4KB

Download
memory/2232-89-0x000001E080360000-0x000001E080370000-memory.dmp

Filesize
64KB

Download
memory/2232-90-0x000001E0803A0000-0x000001E0803B0000-memory.dmp

Filesize
64KB

Download
memory/2232-91-0x000001E0F19D0000-0x000001E0F19D1000-memory.dmp

Filesize
4KB

Download
memory/2232-92-0x000001E080370000-0x000001E080380000-memory.dmp

Filesize
64KB

Download
memory/2232-93-0x000001E080380000-0x000001E080390000-memory.dmp

Filesize
64KB

Download
memory/2232-95-0x000001E0803B0000-0x000001E0803C0000-memory.dmp

Filesize
64KB

Download
memory/2232-99-0x000001E0F19D0000-0x000001E0F19D1000-memory.dmp

Filesize
4KB

Download
memory/2232-102-0x000001E0803C0000-0x000001E0803D0000-memory.dmp

Filesize
64KB

Download
memory/2232-101-0x000001E080390000-0x000001E0803A0000-memory.dmp

Filesize
64KB

Download
memory/2232-107-0x000001E0803D0000-0x000001E0803E0000-memory.dmp

Filesize
64KB

Download
memory/2232-109-0x000001E0803E0000-0x000001E0803F0000-memory.dmp

Filesize
64KB

Download
memory/2232-125-0x000001E0803F0000-0x000001E080400000-memory.dmp

Filesize
64KB

Download
memory/2232-128-0x000001E080400000-0x000001E080410000-memory.dmp

Filesize
64KB

Download
memory/2232-133-0x000001E080410000-0x000001E080420000-memory.dmp

Filesize
64KB

Download
memory/2232-144-0x000001E080420000-0x000001E080430000-memory.dmp

Filesize
64KB

Download
memory/2232-143-0x000001E0803A0000-0x000001E0803B0000-memory.dmp

Filesize
64KB

Download
memory/2232-163-0x000001E080430000-0x000001E080440000-memory.dmp

Filesize
64KB

Download
memory/2232-192-0x000001E080440000-0x000001E080450000-memory.dmp

Filesize
64KB

Download
memory/2232-193-0x000001E0803B0000-0x000001E0803C0000-memory.dmp

Filesize
64KB

Download
memory/2232-194-0x000001E080450000-0x000001E080460000-memory.dmp

Filesize
64KB

Download
memory/2232-215-0x000001E080460000-0x000001E080470000-memory.dmp

Filesize
64KB

Download
memory/2232-214-0x000001E0803C0000-0x000001E0803D0000-memory.dmp

Filesize
64KB

Download
memory/2232-245-0x000001E0803D0000-0x000001E0803E0000-memory.dmp

Filesize
64KB

Download
memory/2232-246-0x000001E080470000-0x000001E080480000-memory.dmp

Filesize
64KB

Download
memory/2232-279-0x000001E0803E0000-0x000001E0803F0000-memory.dmp

Filesize
64KB

Download
memory/2232-289-0x000001E0803F0000-0x000001E080400000-memory.dmp

Filesize
64KB

Download
memory/2232-290-0x000001E080480000-0x000001E080490000-memory.dmp

Filesize
64KB

Download
memory/2232-318-0x000001E080490000-0x000001E0804A0000-memory.dmp

Filesize
64KB

Download
memory/2232-317-0x000001E080400000-0x000001E080410000-memory.dmp

Filesize
64KB

Download
memory/2232-327-0x000001E0804A0000-0x000001E0804B0000-memory.dmp

Filesize
64KB

Download
memory/2232-326-0x000001E080410000-0x000001E080420000-memory.dmp

Filesize
64KB

Download
memory/2232-372-0x000001E080420000-0x000001E080430000-memory.dmp

Filesize
64KB

Download
memory/2232-380-0x000001E080430000-0x000001E080440000-memory.dmp

Filesize
64KB

Download
memory/2232-381-0x000001E0804B0000-0x000001E0804C0000-memory.dmp

Filesize
64KB

Download
memory/2232-415-0x000001E0804C0000-0x000001E0804D0000-memory.dmp

Filesize
64KB

Download
memory/2232-417-0x000001E0F19D0000-0x000001E0F19D1000-memory.dmp

Filesize
4KB

Download
memory/2232-423-0x000001E080450000-0x000001E080460000-memory.dmp

Filesize
64KB

Download
memory/2232-424-0x000001E080460000-0x000001E080470000-memory.dmp

Filesize
64KB

Download
memory/2232-425-0x000001E080470000-0x000001E080480000-memory.dmp

Filesize
64KB

Download
memory/2232-426-0x000001E080480000-0x000001E080490000-memory.dmp

Filesize
64KB

Download
memory/2232-427-0x000001E080490000-0x000001E0804A0000-memory.dmp

Filesize
64KB

Download
memory/2232-428-0x000001E0804A0000-0x000001E0804B0000-memory.dmp

Filesize
64KB

Download
memory/2232-429-0x000001E0804B0000-0x000001E0804C0000-memory.dmp

Filesize
64KB

Download
memory/2232-430-0x000001E0804C0000-0x000001E0804D0000-memory.dmp

Filesize
64KB

Download
memory/2232-431-0x000001E080000000-0x000001E080270000-memory.dmp

Filesize
2.4MB

Download
memory/2232-449-0x000001E080380000-0x000001E080390000-memory.dmp

Filesize
64KB

Download
memory/2232-448-0x000001E080370000-0x000001E080380000-memory.dmp

Filesize
64KB

Download
memory/2232-447-0x000001E080360000-0x000001E080370000-memory.dmp

Filesize
64KB

Download
memory/2232-446-0x000001E080350000-0x000001E080360000-memory.dmp

Filesize
64KB

Download
memory/2232-445-0x000001E080340000-0x000001E080350000-memory.dmp

Filesize
64KB

Download
memory/2232-444-0x000001E080330000-0x000001E080340000-memory.dmp

Filesize
64KB

Download
memory/2232-443-0x000001E080320000-0x000001E080330000-memory.dmp

Filesize
64KB

Download
memory/2232-442-0x000001E080310000-0x000001E080320000-memory.dmp

Filesize
64KB

Download
memory/2232-441-0x000001E080300000-0x000001E080310000-memory.dmp

Filesize
64KB

Download
memory/2232-440-0x000001E0802F0000-0x000001E080300000-memory.dmp

Filesize
64KB

Download
memory/2232-439-0x000001E0802E0000-0x000001E0802F0000-memory.dmp

Filesize
64KB

Download
memory/2232-438-0x000001E0802D0000-0x000001E0802E0000-memory.dmp

Filesize
64KB

Download
memory/2232-437-0x000001E0802C0000-0x000001E0802D0000-memory.dmp

Filesize
64KB

Download
memory/2232-436-0x000001E0802B0000-0x000001E0802C0000-memory.dmp

Filesize
64KB

Download
memory/2232-435-0x000001E0802A0000-0x000001E0802B0000-memory.dmp

Filesize
64KB

Download
memory/2232-434-0x000001E080290000-0x000001E0802A0000-memory.dmp

Filesize
64KB

Download
memory/2232-433-0x000001E080280000-0x000001E080290000-memory.dmp

Filesize
64KB

Download
memory/2232-432-0x000001E080270000-0x000001E080280000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads