Overview

overview

10

Static

static

3

1979150d08...18.exe

windows7-x64

10

1979150d08...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    28-06-2024 08:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1979150d08c63cf63817fced86bac6b7_JaffaCakes118.exe

  • Size

    680KB

  • MD5

    1979150d08c63cf63817fced86bac6b7

  • SHA1

    d23ad36fcb5bf7bff2b68d25116a4902872f0be4

  • SHA256

    5252f6c57cca629847ad5482dc3b8b942f0e8ba4f2510e56fae0d2f836969e57

  • SHA512

    0d8d81f63ad5a7827ac9c85da12de33122d78610dd21dafe69fa03ac347ddb070c9ac6cddd02cac9c3bf515b60aa59eb72b36d4eb01f63a800c2d4b36631046d

  • SSDEEP

    12288:5ahBhc+i8vpya071qkqCamwOpZaO2IKpJ8Ifh/MDonUYaKwB8tzL86NdDndmatzZ:8GJdnUXbEaVjVBaBCdkahO69J

Score
10/10
darkcometpersistencerattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1979150d08c63cf63817fced86bac6b7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1979150d08c63cf63817fced86bac6b7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Local\Temp\winhost.exe
      C:\Users\Admin\AppData\Local\Temp\winhost.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2692

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\winhost.exe
    Filesize

    31KB

    MD5

    ed797d8dc2c92401985d162e42ffa450

    SHA1

    0f02fc517c7facc4baefde4fe9467fb6488ebabe

    SHA256

    b746362010a101cb5931bc066f0f4d3fc740c02a68c1f37fc3c8e6c87fd7cb1e

    SHA512

    e831a6ff987f3ef29982da16afad06938b68eddd43c234ba88d1c96a1b5547f2284baf35cbb3a5bfd75e7f0445d14daa014e0ba00b4db72c67f83f0a314c80c2

    Download Submit
  • memory/2692-31-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-13-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-49-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-7-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-48-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-25-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-18-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-35-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-11-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-34-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-21-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2692-19-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-9-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-8-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-26-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-47-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-15-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-46-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-23-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-33-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-36-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-37-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-38-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-39-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-40-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-41-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-42-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-43-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-44-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/2692-45-0x0000000000400000-0x00000000004BB000-memory.dmp
    Filesize

    748KB

    Download
  • memory/3012-2-0x0000000074230000-0x00000000747DB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/3012-0-0x0000000074231000-0x0000000074232000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3012-32-0x0000000074230000-0x00000000747DB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/3012-1-0x0000000074230000-0x00000000747DB000-memory.dmp
    Filesize

    5.7MB

    Download