Analysis
max time kernel: 143s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 06/04/2023, 23:08

Static task
static1

Behavioral task
behavioral1
Sample: sample.exe
Resource: win7-20230220-en
4 signatures
150 seconds

Behavioral task
behavioral2
Sample: sample.exe
Resource: win10v2004-20230220-en
4 signatures
150 seconds
General
Target: sample.exe
Size: 4.5MB
MD5: cf10cca7751df8dd1cd8afda5b92efcb
SHA1: cd89cc73fec213d905d7761c43e5a1b1be21ef06
SHA256: 5e7c5855de0bd2fac2f300b4ee1125dd57f9a6f06f58b4b7baf8f0a090a25ab8
SHA512: ca6993d6764101263aa01814ac642caf4b3d5cd8f33da7801a3f6e6152e7867c1c3ac922d30f044b353c592c14011dd4d32b3b437f7d6ecddd49ee1eb1a6520d
SSDEEP: 49152:7gerPO37fzH4A6hanqNI2emasHZz5RWtri04gQ:8erPO37fzH4A6h0L0wtm0S
Score: 10/10
Malware Config
Signatures
Detects MosaicLoader payload (5 IoCs)
resource                                                                    yara_rule
behavioral1/memory/688-56-0x0000000000400000-0x00000000004B7000-memory.dmp  family_mosaicloader
behavioral1/memory/688-59-0x0000000000400000-0x00000000004B7000-memory.dmp  family_mosaicloader
behavioral1/memory/688-60-0x0000000000400000-0x00000000004B7000-memory.dmp  family_mosaicloader
behavioral1/memory/688-61-0x0000000000400000-0x00000000004B7000-memory.dmp  family_mosaicloader
behavioral1/memory/688-63-0x0000000000400000-0x00000000004B7000-memory.dmp  family_mosaicloader
MosaicLoader
MosaicLoader was first discovered in July 2021 and is written in C++.
Suspicious behavior: EnumeratesProcesses (21 IoCs)
pid  Process
608  sample.exe
(identical row repeated 21 times)
Suspicious use of WriteProcessMemory (13 IoCs)
description                     pid  Process     procid_target
PID 608 wrote to memory of 688  608  sample.exe  28
(identical row repeated 13 times)