Resubmissions

06/04/2023, 23:09

230406-25l14she6x 10

22/02/2023, 13:10

230222-qewbbabg26 1

Analysis

  • max time kernel
    92s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/04/2023, 23:09

General

  • Target

    sample.exe

  • Size

    7.0MB

  • MD5

    ec55c594ad719296c3778165d15a6e03

  • SHA1

    f37862384b8c96533025a1c5e8c1e9d016f94f5d

  • SHA256

    50a4fbbf71d27bfffb438d40976030f4b1445cb446300ede262f276fb5527b00

  • SHA512

    ba083cdbaaccd0eed8b0d9f094bcbd30c4c0368b1de66d23ce58ee1797aea12980df66a350aa574e2abf378ce777b72a971c8c35c4fb67341f6699dd178031e7

  • SSDEEP

    49152:IgarPO37fzH4A6hanqNwMmnyH7Z7oinTf4bNO:ZarPO37fzH4A6h0NMmC8ir4Y

Score
10/10

Malware Config

Signatures

  • Detects MosaicLoader payload 5 IoCs
  • MosaicLoader

    MosaicLoader was first discovered in July 2021 and is written in C++.

  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sample.exe
    "C:\Users\Admin\AppData\Local\Temp\sample.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4824
    • C:\Users\Admin\AppData\Local\Temp\sample.exe
      "C:\Users\Admin\AppData\Local\Temp\sample.exe"
      2⤵
        PID:1932

    Network

          MITRE ATT&CK Matrix

          Downloads

          • memory/1932-134-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/1932-139-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/1932-136-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/1932-140-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/1932-141-0x00000000001C0000-0x00000000001C1000-memory.dmp

            Filesize

            4KB

          • memory/1932-142-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

          • memory/4824-133-0x0000000000400000-0x0000000000B18000-memory.dmp

            Filesize

            7.1MB

          • memory/4824-137-0x0000000002870000-0x00000000028EB000-memory.dmp

            Filesize

            492KB

          • memory/4824-138-0x00000000029C0000-0x0000000002B63000-memory.dmp

            Filesize

            1.6MB