darkcomet | 27ca12ae68d4f94650bb4d61603e061684902a7f5d6598d9a0fc20f4ab80bf26

Analysis

max time kernel
21s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
26-06-2024 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Size

745KB
MD5

1378915057b24801bae4f21dd3eb104a
SHA1

618fe84575dff84160013650177804cc1f7fd3d2
SHA256

27ca12ae68d4f94650bb4d61603e061684902a7f5d6598d9a0fc20f4ab80bf26
SHA512

3f42f1f86d22c92cf4587e6e9aa4d84981e53ac8da69e11e5edaf136ee3267802747b31958aa7fe77bfc6ec1acd259d17f6227011ae8427499e59185d0053be6
SSDEEP

12288:96A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTvfiwqMd0QZh9u:wAmBpVKHu0Mu9Xo20VGLVvawD0QZh9u

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes:

1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeSecurityPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeBackupPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeRestorePrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeShutdownPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeDebugPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeUndockPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeImpersonatePrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: 33	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: 34	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
Token: 35	1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe

pid process

1732 1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe

pid	process
1732	1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1378915057b24801bae4f21dd3eb104a_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1732-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1732-1-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1732-2-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download