General
-
Target
a0a07cc036568b111c6922bf09008045df36b272b86bd496c6c450f728e1058f
-
Size
48KB
-
Sample
250529-j7e2gazset
-
MD5
63389389e90ac908f4d083c5b459372a
-
SHA1
faade9908f0272503d12741111c3181540c4014e
-
SHA256
a0a07cc036568b111c6922bf09008045df36b272b86bd496c6c450f728e1058f
-
SHA512
37148ae690c0af69bed2a58cd7cae8c1784888e476980bb6410797f2ab8904be9583059d3deab8b48aa73906c314becb293f746f1fd1e41ffa34e328fa99a509
-
SSDEEP
768:uZ4FLz8ae+rOn8ae+rOHPRPq+BSBmBCUK9+BSBmBCUKdZ4FLz8ae+rOn8ae+rOHv:uGIIHp1MkPMk6GIIHp1MkPMkDkI
Static task
static1
Behavioral task
behavioral1
Sample
a0a07cc036568b111c6922bf09008045df36b272b86bd496c6c450f728e1058f.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
a0a07cc036568b111c6922bf09008045df36b272b86bd496c6c450f728e1058f.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
a0a07cc036568b111c6922bf09008045df36b272b86bd496c6c450f728e1058f
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5234) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-