Analysis Overview
SHA256
d1583f19bce89b61829f036bb1856cbc8eb5a912bb6e2672e6d9806edba192b0
Threat Level: Known bad
The file d1583f19bce89b61829f036bb1856cbc8eb5a912bb6e2672e6d9806edba192b0 was found to be: Known bad.
Malicious Activity Summary
Cosmu
Cosmu family
Detects Cosmu payload
Renames multiple (5196) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-03 05:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-03 05:23
Reported
2025-07-03 05:26
Platform
win10v2004-20250502-en
Max time kernel
149s
Max time network
135s
Command Line
Signatures
Cosmu
Cosmu family
Detects Cosmu payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Renames multiple (5196) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d1583f19bce89b61829f036bb1856cbc8eb5a912bb6e2672e6d9806edba192b0.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d1583f19bce89b61829f036bb1856cbc8eb5a912bb6e2672e6d9806edba192b0.exe
"C:\Users\Admin\AppData\Local\Temp\d1583f19bce89b61829f036bb1856cbc8eb5a912bb6e2672e6d9806edba192b0.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-3951986358-4006919840-1009690842-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | 86be624cba1c5273611c9578d44df08f |
| SHA1 | 5fc8672aec0af3588d512b47df4115c57dec4a80 |
| SHA256 | 351d1b39676f7b94aec037e0aff62502ce27fcb00bc653734745a1c774004bd5 |
| SHA512 | 45796ce41791ecac7f38f07124af0a4f5638f1303593d59829fdf7db710f5ef6c033525340a2d7a79f2ad5efca3269cce6588eaec8b4ecc7fbb35b4425f4b1ce |
C:\e871de07eca81c0a47\2010_x86.log.html.tmp
| Hash | Value |
| --- | --- |
| MD5 | 66ad297ca6cdf1f3ed0e8379c187edb4 |
| SHA1 | 810e5408fbf3119410a218867181d541bec331ea |
| SHA256 | 55f697c52b1e8b900b1e8e3ce7a43231477866a7b5a1e2fd0c5d9f6d6b5f743e |
| SHA512 | b9ca09a04774b7821254229c56d4091129601d93c4c11b864c7d9b6fe95a5aa8e8e2429b844c479848278a62b5502057009f2b11f645488de54f8e13c308291c |
memory/6080-789-0x0000000000400000-0x0000000000407000-memory.dmp