General
-
Target
516c442ae3d77378f994fea3c2ce619b1e7c64984cff0b166003188a7ad3aa2e
-
Size
1.3MB
-
Sample
250702-xzxhfagj3x
-
MD5
ff7dfaa286e5b839ac7e4cd63a86e734
-
SHA1
f352c58d34f2826bda4278f289c2b81b99a86053
-
SHA256
516c442ae3d77378f994fea3c2ce619b1e7c64984cff0b166003188a7ad3aa2e
-
SHA512
a1d75e4ba45778605445f27c2ddbe64fe28cc2fceb91d439a925abfd3e64aa92c94ffb0ec92257603d38518185de9d4b64af45c57b11ccbbd027edccabc3054c
-
SSDEEP
24576:C72cUQ0CN2PvEkqnXlrurpQP8FZGCMGPCb772cUQ0CN2PvEkqnXlrurpQP8FZGCO:ojU/8FP8FFEjU/8FP8FFO
Static task
static1
Behavioral task
behavioral1
Sample
516c442ae3d77378f994fea3c2ce619b1e7c64984cff0b166003188a7ad3aa2e.exe
Resource
win10v2004-20250619-en
Malware Config
Targets
-
-
Target
516c442ae3d77378f994fea3c2ce619b1e7c64984cff0b166003188a7ad3aa2e
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (2758) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-