Resubmissions

06/04/2023, 23:09

230406-25l14she6x 10

22/02/2023, 13:10

230222-qewbbabg26 1

Analysis

  • max time kernel
    141s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
  • submitted
    06/04/2023, 23:09

General

  • Target

    sample.exe

  • Size

    7.0MB

  • MD5

    ec55c594ad719296c3778165d15a6e03

  • SHA1

    f37862384b8c96533025a1c5e8c1e9d016f94f5d

  • SHA256

    50a4fbbf71d27bfffb438d40976030f4b1445cb446300ede262f276fb5527b00

  • SHA512

    ba083cdbaaccd0eed8b0d9f094bcbd30c4c0368b1de66d23ce58ee1797aea12980df66a350aa574e2abf378ce777b72a971c8c35c4fb67341f6699dd178031e7

  • SSDEEP

    49152:IgarPO37fzH4A6hanqNwMmnyH7Z7oinTf4bNO:ZarPO37fzH4A6h0NMmC8ir4Y

Score
10/10

Malware Config

Signatures

  • Detects MosaicLoader payload 6 IoCs
  • MosaicLoader

    MosaicLoader was first discovered in July 2021 and is written in C++.

  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sample.exe
    "C:\Users\Admin\AppData\Local\Temp\sample.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Users\Admin\AppData\Local\Temp\sample.exe
      "C:\Users\Admin\AppData\Local\Temp\sample.exe"
      2⤵
        PID:1772

    Network

          MITRE ATT&CK Matrix

          Downloads

          • memory/1340-54-0x0000000000400000-0x0000000000B18000-memory.dmp

            Filesize

            7.1MB

          • memory/1340-56-0x0000000000220000-0x000000000029B000-memory.dmp

            Filesize

            492KB

          • memory/1340-58-0x0000000002590000-0x0000000002710000-memory.dmp

            Filesize

            1.5MB

          • memory/1340-64-0x0000000002590000-0x0000000002710000-memory.dmp

            Filesize

            1.5MB

          • memory/1772-55-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/1772-57-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/1772-59-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/1772-60-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/1772-61-0x00000000001B0000-0x00000000001B1000-memory.dmp

            Filesize

            4KB

          • memory/1772-62-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/1772-63-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB