Overview

overview

10

Static

static

8

cb4e4d28e4...fa.exe

windows7_x64

10

cb4e4d28e4...fa.exe

windows10_x64

10

Analysis

  • max time kernel
    10s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    05-11-2020 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb4e4d28e4ae4e4acaffb8087e80d9163089be1d1f08837e23d665e65d8f30fa.exe

  • Size

    318KB

  • MD5

    21d8240fd8c92d2e6a211c46ac626f1c

  • SHA1

    38362d378163c2a9176835414fe5c4220f5b42bf

  • SHA256

    cb4e4d28e4ae4e4acaffb8087e80d9163089be1d1f08837e23d665e65d8f30fa

  • SHA512

    37ddbfb42207eddeb6f94096ccec18cad36c09d9af3755343a68c1d97416df6cf303585563abb833e409809e8a254bd6422141c72f5464087403e20cfdabe0da

Score
10/10
darkcometpersistencerattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb4e4d28e4ae4e4acaffb8087e80d9163089be1d1f08837e23d665e65d8f30fa.exe
    "C:\Users\Admin\AppData\Local\Temp\cb4e4d28e4ae4e4acaffb8087e80d9163089be1d1f08837e23d665e65d8f30fa.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:300

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads