Analysis Overview
SHA256: 24f2eb90845e42c7b83d4cc2d690e14e29881d033253741af02d9a10b768b94b
Threat Level: Known bad
The file 24f2eb90845e42c7b83d4cc2d690e14e29881d033253741af02d9a10b768b94b was found to be: Known bad.
Malicious Activity Summary
Cosmu family
Detects Cosmu payload
Cosmu
Renames multiple (4691) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported: 2025-06-05 08:18
Signatures
Cosmu family
Detects Cosmu payload
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2025-06-05 08:18
Reported: 2025-06-05 08:21
Platform: win10v2004-20250502-en
Max time kernel: 150s
Max time network: 145s
Signatures
Cosmu
Cosmu family
Detects Cosmu payload
Renames multiple (4691) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\24f2eb90845e42c7b83d4cc2d690e14e29881d033253741af02d9a10b768b94b.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\24f2eb90845e42c7b83d4cc2d690e14e29881d033253741af02d9a10b768b94b.exe
"C:\Users\Admin\AppData\Local\Temp\24f2eb90845e42c7b83d4cc2d690e14e29881d033253741af02d9a10b768b94b.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 142.250.27.94:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-186956858-2143653872-2609589082-1000\desktop.ini.tmp
C:\d962f70874f5d4bfc1c6\2010_x64.log.html.tmp