Analysis

  • max time kernel
    3s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    20-09-2020 13:18

General

  • Target

    2tRkVqK2.exe

  • Size

    232KB

  • MD5

    75df054b2777ec7d02a1661637cc9397

  • SHA1

    9b8206b1e2573f34f4447d9c42af0a686e66a4c0

  • SHA256

    208145a22fa6e10399360af479848df54672ea2eb542444e2f88c4299961971d

  • SHA512

    8262da68ad3c94fddbd25d689fcdd529a89f875a645784acbaeb17678753424937555fa49320500d3f9c1df34a2f932a49240ead24b536be3a57bb782582c8e3

Score
10/10

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2tRkVqK2.exe
    "C:\Users\Admin\AppData\Local\Temp\2tRkVqK2.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1100

Network

MITRE ATT&CK Enterprise v6
