Analysis
max time kernel: 147s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
submitted: 06/04/2023, 23:08
Static task
static1
Behavioral task
behavioral1
Sample
sample.exe
Resource
win7-20230220-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
sample.exe
Resource
win10v2004-20230220-en
4 signatures
150 seconds
General
Target: sample.exe
Size: 4.5MB
MD5: cf10cca7751df8dd1cd8afda5b92efcb
SHA1: cd89cc73fec213d905d7761c43e5a1b1be21ef06
SHA256: 5e7c5855de0bd2fac2f300b4ee1125dd57f9a6f06f58b4b7baf8f0a090a25ab8
SHA512: ca6993d6764101263aa01814ac642caf4b3d5cd8f33da7801a3f6e6152e7867c1c3ac922d30f044b353c592c14011dd4d32b3b437f7d6ecddd49ee1eb1a6520d
SSDEEP: 49152:7gerPO37fzH4A6hanqNI2emasHZz5RWtri04gQ:8erPO37fzH4A6h0L0wtm0S
Score: 10/10
Malware Config
Signatures
Detects MosaicLoader payload 6 IoCs
resource yara_rule
behavioral2/memory/116-134-0x0000000000400000-0x00000000004B7000-memory.dmp family_mosaicloader
behavioral2/memory/116-138-0x0000000000400000-0x00000000004B7000-memory.dmp family_mosaicloader
behavioral2/memory/116-140-0x0000000000400000-0x00000000004B7000-memory.dmp family_mosaicloader
behavioral2/memory/116-142-0x0000000000400000-0x00000000004B7000-memory.dmp family_mosaicloader
behavioral2/memory/116-143-0x0000000000400000-0x00000000004B7000-memory.dmp family_mosaicloader
behavioral2/memory/116-144-0x0000000000400000-0x00000000004B7000-memory.dmp family_mosaicloader
MosaicLoader
MosaicLoader was first discovered in July 2021 and is written in C++.
Suspicious behavior: EnumeratesProcesses 42 IoCs
pid Process
3712 sample.exe
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target
PID 3712 wrote to memory of 116 3712 sample.exe 88