Analysis

  • max time kernel
    103s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20250502-en locale:en-us os:windows10-2004-x64 system
  • submitted
    05/06/2025, 08:18

General

  • Target

    60b13e157d98501c35c7f708d16fbc323a69c778c6c747975f4b7d489e651b96.exe

  • Size

    43KB

  • MD5

    157edc29d6d6607c912bc3c4c62e7d38

  • SHA1

    036e8f1a9d65d75046136ee75babd8ac2ac86544

  • SHA256

    60b13e157d98501c35c7f708d16fbc323a69c778c6c747975f4b7d489e651b96

  • SHA512

    c5b81d51dc45dd76d001bac245ec3de884a1bf4a2b30dee250a297b3ae6869ebdde987c885fb792236a8270d0f07d51632cda393b83334b0df6cdda4dea4f85e

  • SSDEEP

    768:uZ4FLz8ae+rOn8ae+rOrZkZ/79mVNpFvT89LSmuz+Y:uGII1GZmVNpFvT89LSmuz+Y

Score
10/10

Malware Config

Signatures

  • Cosmu

    Cosmu is a Windows worm written in C++.

  • Cosmu family
  • Detects Cosmu payload 1 IoCs

    Cosmu is a worm written in C++.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\60b13e157d98501c35c7f708d16fbc323a69c778c6c747975f4b7d489e651b96.exe
    "C:\Users\Admin\AppData\Local\Temp\60b13e157d98501c35c7f708d16fbc323a69c778c6c747975f4b7d489e651b96.exe"
    • System Location Discovery: System Language Discovery
    PID:4452

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • memory/4452-0-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB