Analysis
-
max time kernel
143s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
05-07-2024 02:57
General
-
Target
CelexCracked.rar
-
Size
78.1MB
-
MD5
cbf4aebac3872bd49090b6eaf068278f
-
SHA1
432e83834f33d4cb57291ce1f36a318e1a9e1041
-
SHA256
59f1c83d17ea02c6c8d315617f5382c49c485a149df41843d19e1d4c02f7fcaa
-
SHA512
da4d106b0115e24d6957c90c73d799bdf452c694bed1e760a01b0706dfb78d5161b7826058f995cec639a41c46eb85c54017102d7b3e2b1f67427183eb3e7fa0
-
SSDEEP
1572864:g3jVGpeudTf+SSJQwf5bn29Z4AjSGKU19Wjww2xWY6fqPo+ztCXX1zrydn69tux:MjVGEuRf+fQwfwaESHcy2xWY6ooCet+h
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 17 IoCs
-
Suspicious use of SendNotifyMessage 15 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\CelexCracked.rar1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CelexCracked.rar2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CelexCracked.rar3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\CelexCracked.rar"4⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4fc1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2220-30-0x000007FEFB1A0000-0x000007FEFB1D4000-memory.dmpFilesize
208KB
-
memory/2220-29-0x000000013FD00000-0x000000013FDF8000-memory.dmpFilesize
992KB
-
memory/2220-33-0x000007FEFB160000-0x000007FEFB177000-memory.dmpFilesize
92KB
-
memory/2220-34-0x000007FEFB140000-0x000007FEFB151000-memory.dmpFilesize
68KB
-
memory/2220-32-0x000007FEFB180000-0x000007FEFB198000-memory.dmpFilesize
96KB
-
memory/2220-35-0x000007FEFB120000-0x000007FEFB137000-memory.dmpFilesize
92KB
-
memory/2220-36-0x000007FEFAB40000-0x000007FEFAB51000-memory.dmpFilesize
68KB
-
memory/2220-37-0x000007FEF79F0000-0x000007FEF7A0D000-memory.dmpFilesize
116KB
-
memory/2220-38-0x000007FEF79D0000-0x000007FEF79E1000-memory.dmpFilesize
68KB
-
memory/2220-31-0x000007FEF60A0000-0x000007FEF6356000-memory.dmpFilesize
2.7MB
-
memory/2220-39-0x000007FEF5D60000-0x000007FEF5F6B000-memory.dmpFilesize
2.0MB
-
memory/2220-42-0x000007FEF6DE0000-0x000007FEF6E01000-memory.dmpFilesize
132KB
-
memory/2220-44-0x000007FEF6FC0000-0x000007FEF6FD1000-memory.dmpFilesize
68KB
-
memory/2220-43-0x000007FEF79B0000-0x000007FEF79C8000-memory.dmpFilesize
96KB
-
memory/2220-41-0x000007FEF6E10000-0x000007FEF6E51000-memory.dmpFilesize
260KB
-
memory/2220-45-0x000007FEF6DC0000-0x000007FEF6DD1000-memory.dmpFilesize
68KB
-
memory/2220-46-0x000007FEF6DA0000-0x000007FEF6DB1000-memory.dmpFilesize
68KB
-
memory/2220-47-0x000007FEF68C0000-0x000007FEF68DB000-memory.dmpFilesize
108KB
-
memory/2220-48-0x000007FEF68A0000-0x000007FEF68B1000-memory.dmpFilesize
68KB
-
memory/2220-49-0x000007FEF6880000-0x000007FEF6898000-memory.dmpFilesize
96KB
-
memory/2220-51-0x000007FEF5CF0000-0x000007FEF5D57000-memory.dmpFilesize
412KB
-
memory/2220-50-0x000007FEF6850000-0x000007FEF6880000-memory.dmpFilesize
192KB
-
memory/2220-55-0x000007FEF5BE0000-0x000007FEF5C08000-memory.dmpFilesize
160KB
-
memory/2220-61-0x000007FEF00A0000-0x000007FEF00B7000-memory.dmpFilesize
92KB
-
memory/2220-65-0x000007FEEF5F0000-0x000007FEEF606000-memory.dmpFilesize
88KB
-
memory/2220-64-0x000007FEEFCF0000-0x000007FEEFD01000-memory.dmpFilesize
68KB
-
memory/2220-63-0x000007FEF0070000-0x000007FEF009F000-memory.dmpFilesize
188KB
-
memory/2220-62-0x000007FEFB110000-0x000007FEFB120000-memory.dmpFilesize
64KB
-
memory/2220-60-0x000007FEF5B40000-0x000007FEF5B52000-memory.dmpFilesize
72KB
-
memory/2220-59-0x000007FEF5B60000-0x000007FEF5B71000-memory.dmpFilesize
68KB
-
memory/2220-58-0x000007FEF5B80000-0x000007FEF5BA3000-memory.dmpFilesize
140KB
-
memory/2220-56-0x000007FEF5BB0000-0x000007FEF5BD4000-memory.dmpFilesize
144KB
-
memory/2220-54-0x000007FEF5C10000-0x000007FEF5C67000-memory.dmpFilesize
348KB
-
memory/2220-57-0x000007FEF6810000-0x000007FEF6828000-memory.dmpFilesize
96KB
-
memory/2220-53-0x000007FEF6830000-0x000007FEF6841000-memory.dmpFilesize
68KB
-
memory/2220-52-0x000007FEF5C70000-0x000007FEF5CEC000-memory.dmpFilesize
496KB
-
memory/2220-66-0x000007FEEF520000-0x000007FEEF5E5000-memory.dmpFilesize
788KB
-
memory/2220-67-0x000007FEEF4D0000-0x000007FEEF512000-memory.dmpFilesize
264KB
-
memory/2220-68-0x000007FEEF3D0000-0x000007FEEF432000-memory.dmpFilesize
392KB
-
memory/2220-69-0x000007FEEF360000-0x000007FEEF3CD000-memory.dmpFilesize
436KB
-
memory/2220-70-0x000007FEEF140000-0x000007FEEF2C0000-memory.dmpFilesize
1.5MB
-
memory/2220-40-0x000007FEF46A0000-0x000007FEF5750000-memory.dmpFilesize
16.7MB