General
-
Target
3725aa0864ea6c3242149c6d5e68e6baf6da894fb431bcb70f683e851634f75c
-
Size
48KB
-
Sample
250529-j4r7maen8v
-
MD5
ac8cb5ee602af1e6ebe3c338840783ab
-
SHA1
8d90b392e9ad63f611ab45da571573840961dac8
-
SHA256
3725aa0864ea6c3242149c6d5e68e6baf6da894fb431bcb70f683e851634f75c
-
SHA512
0327048766471f88fe75f79524769b75ec1b13e0faec421f41f9d05df600f02cebcbb7c04a247a3107e8d5e39be2aae6742431536cf058a373c0d6fa1a65d1a4
-
SSDEEP
768:uZ4FLz8ae+rOn8ae+rOHPRPq+BSBmBCUK9+BSBmBCUK6Z4FLz8ae+rOn8ae+rOHM:uGIIHp1MkPMkRGIIHp1MkPMkDkH
Static task
static1
Behavioral task
behavioral1
Sample
3725aa0864ea6c3242149c6d5e68e6baf6da894fb431bcb70f683e851634f75c.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
Target
3725aa0864ea6c3242149c6d5e68e6baf6da894fb431bcb70f683e851634f75c
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5177) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-