General
-
Target
32710c5ad4e7fbdc01645bb31401c0fa833f8583bb94f1a4b480427958973270
-
Size
153KB
-
Sample
250530-ccnxka1nz9
-
MD5
2a6d3fec9f4343686913706b5c09137a
-
SHA1
06e35152f1ec959f3b90d924da8ed71a056c655e
-
SHA256
32710c5ad4e7fbdc01645bb31401c0fa833f8583bb94f1a4b480427958973270
-
SHA512
f98f0a90f11942da1d2a4a01e9cf071aba0757218faa15e0039903d150bb6c614abb8d5249f09de825690f5e0286b4d835eab405c85b6bd9d01ab90afcad4b16
-
SSDEEP
1536:uGII+49101yIyI1ymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7C:HGwIyI1nzhQNv40j0PW1IrEfMtyhuG
Static task
static1
Behavioral task
behavioral1
Sample
32710c5ad4e7fbdc01645bb31401c0fa833f8583bb94f1a4b480427958973270.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5202) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-