Analysis

  • max time kernel
    103s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250610-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250610-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2025, 05:24

General

  • Target

    b4aed04f22e19628b41a44a88349fc58cc8af656c4a35922bc4b99d169ef39bf.exe

  • Size

    4.7MB

  • MD5

    0ca95b3d1c383a21807974acd824a93b

  • SHA1

    07d3c2d9d8a9c4b7596e7423f1ccb638304cfdfe

  • SHA256

    b4aed04f22e19628b41a44a88349fc58cc8af656c4a35922bc4b99d169ef39bf

  • SHA512

    775e81b551ae00cafef80165f359d394549f248663d8b423daf13c87469a3604711098cb05ba184876c17b8198c1fafe0be8bf362d50efd016ecf8bcf1c175a8

  • SSDEEP

    49152:Tc+AqwXQ6gyrTzs4WZxSSDesR6f5MTRdaJjSP4UFS54:TcxqwXQHyrT44WOSSsRcGRdaJmAUFSK

Score
10/10

Malware Config

Signatures

  • Cosmu

    Cosmu is a Windows worm written in C++.

  • Cosmu family
  • Detects Cosmu payload 1 IoCs

    Cosmu is a worm written in C++.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4aed04f22e19628b41a44a88349fc58cc8af656c4a35922bc4b99d169ef39bf.exe
    "C:\Users\Admin\AppData\Local\Temp\b4aed04f22e19628b41a44a88349fc58cc8af656c4a35922bc4b99d169ef39bf.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1440

Network

        MITRE ATT&CK Enterprise v16

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1440-0-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB