Analysis Overview
SHA256
8a22c1523e4518c6cc2ac47bc04048d7b16e3a0a1786c32d4ac5ff15eb85c9e5
Threat Level: Known bad
The file 8a22c1523e4518c6cc2ac47bc04048d7b16e3a0a1786c32d4ac5ff15eb85c9e5 was found to be: Known bad.
Malicious Activity Summary
Cosmu family
Detects Cosmu payload
Cosmu
Renames multiple (5222) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-29 11:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-29 11:58
Reported
2025-05-29 12:01
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
141s
Command Line
Signatures
Cosmu
Cosmu family
Detects Cosmu payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Renames multiple (5222) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8a22c1523e4518c6cc2ac47bc04048d7b16e3a0a1786c32d4ac5ff15eb85c9e5.exe | N/A |
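The two behavioural signatures above are the ones worth reproducing in your own telemetry: a single process renaming thousands of files by appending a suffix (the pattern that drives the "Renames multiple (5222) files" hit) and a read of the NLS\Language key, which ATT&CK classes as System Language Discovery (T1614.001). The script below is an added example of that detection logic, not the sandbox's own rule engine. It runs over constructed Sysmon-style events (the `kind`, `image`, `src`, `dst` and `key` field names are assumptions, and `.locked` is a placeholder suffix, not the extension this sample actually appends); only the sample's path and the registry key are taken from the report.

```python
"""Replay the report's two behavioural signatures over constructed events.

Added example; the event schema (kind/image/src/dst/key) is assumed and the
events are constructed inline, not captured from the sandbox run.
"""
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Optional

# Registry paths whose open is classed as System Language Discovery
# (ATT&CK T1614.001). The report shows the ControlSet001 form; the
# CurrentControlSet alias resolves to the same key on a live system.
LANGUAGE_KEYS = {
    r"\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE",
    r"\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\NLS\LANGUAGE",
}

# Extension-adding renames by one process before the signature fires.
# The detonation counted 5222; a low threshold keeps the example small.
RENAME_THRESHOLD = 5

SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\8a22c1523e4518c6cc2ac47bc04048d7b16e3a0a1786c32d4ac5ff15eb85c9e5.exe")
EXPLORER = r"C:\Windows\explorer.exe"


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the suffix appended if dst is src plus ".<something>" in the
    same directory, else None. Moves, in-place renames and extension
    swaps do not count: the ransomware-style pattern keeps the original
    name intact and glues a new suffix onto it."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent or not d.name.startswith(s.name + "."):
        return None
    ext = d.name[len(s.name):]
    return ext if len(ext) > 1 else None


def scan(events):
    """Return {process image: [signature names]} mirroring the report."""
    renames = defaultdict(lambda: defaultdict(int))  # image -> ext -> count
    hits = defaultdict(list)
    for ev in events:
        image = ev["image"]
        if ev["kind"] == "file_rename":
            ext = added_extension(ev["src"], ev["dst"])
            if ext:
                renames[image][ext] += 1
        elif ev["kind"] == "registry_open":
            if ev["key"].upper() in LANGUAGE_KEYS:
                sig = "System Location Discovery: System Language Discovery"
                if sig not in hits[image]:
                    hits[image].append(sig)
    for image, by_ext in renames.items():
        total = sum(by_ext.values())
        if total >= RENAME_THRESHOLD:
            hits[image].append(
                f"Renames multiple ({total}) files with added filename extension")
    return dict(hits)


# Constructed events (not from the sandbox). ".locked" is a placeholder.
EVENTS = [
    {"kind": "registry_open", "image": SAMPLE_IMAGE,
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"kind": "registry_open", "image": SAMPLE_IMAGE,
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
] + [
    {"kind": "file_rename", "image": SAMPLE_IMAGE,
     "src": rf"C:\Users\Admin\Documents\doc{i}.docx",
     "dst": rf"C:\Users\Admin\Documents\doc{i}.docx.locked"}
    for i in range(6)
] + [
    # Ordinary user activity: a move and an in-place rename, neither counts.
    {"kind": "file_rename", "image": EXPLORER,
     "src": r"C:\Users\Admin\Downloads\setup.exe",
     "dst": r"C:\Users\Admin\Desktop\setup.exe"},
    {"kind": "file_rename", "image": EXPLORER,
     "src": r"C:\Users\Admin\Documents\notes.txt",
     "dst": r"C:\Users\Admin\Documents\notes_v2.txt"},
]

if __name__ == "__main__":
    for image, sigs in scan(EVENTS).items():
        print(image)
        for sig in sigs:
            print("  -", sig)
```

Grouping by the appended suffix (rather than only counting renames) is deliberate: a backup agent or archiver also renames many files, but it does not stamp one new suffix onto thousands of files of different types, so the per-extension count is what separates the two when you raise the threshold to production levels.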
Processes
C:\Users\Admin\AppData\Local\Temp\8a22c1523e4518c6cc2ac47bc04048d7b16e3a0a1786c32d4ac5ff15eb85c9e5.exe
"C:\Users\Admin\AppData\Local\Temp\8a22c1523e4518c6cc2ac47bc04048d7b16e3a0a1786c32d4ac5ff15eb85c9e5.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 142.250.27.94:80 | c.pki.goog | tcp |
The destinations above (the Bing thumbnail service and Google's certificate-revocation endpoint, resolved through 8.8.8.8) are consistent with ordinary Windows and browser background traffic in the detonation VM rather than sample-specific command-and-control; do not use them as indicators of compromise on their own.
Files
C:\$Recycle.Bin\S-1-5-21-3674642747-2260306818-3009887879-1000\desktop.ini.tmp
| MD5 | ef393c331c1b8b110da62e36b7146a4d |
| SHA1 | 37ec511e573fded7fe306122659d9ec982aeed1a |
| SHA256 | 1cebf98b58e8053b3b3cf90e3b7e9a04ea14d84a6f02b16c24153af41a19aac1 |
| SHA512 | ddf0a53c87f17382dc25a85e0b96ff584bb0d25626b18d9d3348c48d27c06ec79a0bee0e150c6ab517068394a137934afed77f798647163a5ad7488252301440 |
C:\967f022c4c136664abfad56c1fb73a\2010_x86.log.html.tmp
| MD5 | 923b2061d42cd53fbc07dff7a59bcbf1 |
| SHA1 | c463f5178a430614ad8601be5ce5c5664ca95f6c |
| SHA256 | 0426b0a98faa084fecea7f3c1a05c7ccdf75110221522e37cf1e436e3b3c68d5 |
| SHA512 | 917b52cf6b46f780764e0ef81245ee0404bf98608e0cc9cc8e4b335023b2fd3e2b8d08ec4c2ac39a5ec46fd17fe2e7f52a173321172c12bbd205cdccf71e8683 |
memory/4856-803-0x0000000000400000-0x0000000000407000-memory.dmp