Overview

overview

10

Static

static

1fc15fc0d4...1c.exe

windows7_x64

10

1fc15fc0d4...1c.exe

windows10_x64

10

Analysis

  • max time kernel
    4s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-11-2020 20:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fc15fc0d494f0441923e5237e214545cc13d0f73759d70da6d4a784a2ef8b1c.exe

  • Size

    1.5MB

  • MD5

    21fb7cfb4b6889927dc2cc02307b6bc3

  • SHA1

    7461b416f7da583f84ec4d1b5215af977b736f15

  • SHA256

    1fc15fc0d494f0441923e5237e214545cc13d0f73759d70da6d4a784a2ef8b1c

  • SHA512

    00816bba8729485dacfff1596c0b3c32fac3395ce5739ffa1833217b54d76e8263af586a3cabebe579c58e3d8d7580977faca61a0ac5d5f001ac18f50466743d

Score
10/10
darkcometrattrojanupx

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fc15fc0d494f0441923e5237e214545cc13d0f73759d70da6d4a784a2ef8b1c.exe
    "C:\Users\Admin\AppData\Local\Temp\1fc15fc0d494f0441923e5237e214545cc13d0f73759d70da6d4a784a2ef8b1c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:308
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Windows\system32\svchost.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1512
    • C:\Users\Admin\AppData\Local\Temp\1fc15fc0d494f0441923e5237e214545cc13d0f73759d70da6d4a784a2ef8b1c.exe
      "C:\Users\Admin\AppData\Local\Temp\1fc15fc0d494f0441923e5237e214545cc13d0f73759d70da6d4a784a2ef8b1c.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RNBOW.bat
    MD5

    92353035f01403e26aa2ff51c3963238

    SHA1

    d13f167c73bfce23a2deab8ce7c4ce9f78759ff4

    SHA256

    2e72a8542f8f809bfb1e4adfb481c7c5e6dc00dda7970c74692ba8d83ea0a870

    SHA512

    74560e33477caae3c7bc13914e4ae3c6911bbcfe257b2833155c236a158db0aca17478beb9d97f648ff1ea566005260f511361771c74203195107f4e82cce7df

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    2e425f43c57a5deafd014c6ab5ffedd2

    SHA1

    d9d0fd957dc4225a1732a86ac1e99b29a9ed5a48

    SHA256

    412fcad83f908a6f85faa0509a54b14ccaf33d011dc312b824b58f640fe5200a

    SHA512

    525efd6c9505f6955365d0bc161a5ed1c21e7c7442f4442696b8f343e7d3f8e3fd9241056da52babe41c1381fe70ef6ba7b53e2fd4c0b9a2180830a0546c41b0

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    2e425f43c57a5deafd014c6ab5ffedd2

    SHA1

    d9d0fd957dc4225a1732a86ac1e99b29a9ed5a48

    SHA256

    412fcad83f908a6f85faa0509a54b14ccaf33d011dc312b824b58f640fe5200a

    SHA512

    525efd6c9505f6955365d0bc161a5ed1c21e7c7442f4442696b8f343e7d3f8e3fd9241056da52babe41c1381fe70ef6ba7b53e2fd4c0b9a2180830a0546c41b0

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    2e425f43c57a5deafd014c6ab5ffedd2

    SHA1

    d9d0fd957dc4225a1732a86ac1e99b29a9ed5a48

    SHA256

    412fcad83f908a6f85faa0509a54b14ccaf33d011dc312b824b58f640fe5200a

    SHA512

    525efd6c9505f6955365d0bc161a5ed1c21e7c7442f4442696b8f343e7d3f8e3fd9241056da52babe41c1381fe70ef6ba7b53e2fd4c0b9a2180830a0546c41b0

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    2e425f43c57a5deafd014c6ab5ffedd2

    SHA1

    d9d0fd957dc4225a1732a86ac1e99b29a9ed5a48

    SHA256

    412fcad83f908a6f85faa0509a54b14ccaf33d011dc312b824b58f640fe5200a

    SHA512

    525efd6c9505f6955365d0bc161a5ed1c21e7c7442f4442696b8f343e7d3f8e3fd9241056da52babe41c1381fe70ef6ba7b53e2fd4c0b9a2180830a0546c41b0

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    2e425f43c57a5deafd014c6ab5ffedd2

    SHA1

    d9d0fd957dc4225a1732a86ac1e99b29a9ed5a48

    SHA256

    412fcad83f908a6f85faa0509a54b14ccaf33d011dc312b824b58f640fe5200a

    SHA512

    525efd6c9505f6955365d0bc161a5ed1c21e7c7442f4442696b8f343e7d3f8e3fd9241056da52babe41c1381fe70ef6ba7b53e2fd4c0b9a2180830a0546c41b0

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    2e425f43c57a5deafd014c6ab5ffedd2

    SHA1

    d9d0fd957dc4225a1732a86ac1e99b29a9ed5a48

    SHA256

    412fcad83f908a6f85faa0509a54b14ccaf33d011dc312b824b58f640fe5200a

    SHA512

    525efd6c9505f6955365d0bc161a5ed1c21e7c7442f4442696b8f343e7d3f8e3fd9241056da52babe41c1381fe70ef6ba7b53e2fd4c0b9a2180830a0546c41b0

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    2e425f43c57a5deafd014c6ab5ffedd2

    SHA1

    d9d0fd957dc4225a1732a86ac1e99b29a9ed5a48

    SHA256

    412fcad83f908a6f85faa0509a54b14ccaf33d011dc312b824b58f640fe5200a

    SHA512

    525efd6c9505f6955365d0bc161a5ed1c21e7c7442f4442696b8f343e7d3f8e3fd9241056da52babe41c1381fe70ef6ba7b53e2fd4c0b9a2180830a0546c41b0

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    Download Submit
  • memory/308-25-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-10-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-16-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-18-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-17-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-19-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-22-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-24-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-23-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-3-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-27-0x0000000000748000-0x0000000000749000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-26-0x0000000000748000-0x0000000000749000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-29-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-28-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-30-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-4-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-13-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-2-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-5-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-7-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-9-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-8-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-6-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-12-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/308-11-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1248-36-0x00000000004085D0-mapping.dmp
    Download
  • memory/1248-40-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1248-39-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1248-34-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1472-43-0x0000000000000000-mapping.dmp
    Download
  • memory/1512-35-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1512-31-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1512-33-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1512-32-0x000000000040B000-mapping.dmp
    Download
  • memory/1604-91-0x00000000004085D0-mapping.dmp
    Download
  • memory/1676-102-0x0000000000400000-0x00000000004B7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/1676-101-0x0000000000400000-0x00000000004B7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/1676-96-0x00000000004B5210-mapping.dmp
    Download
  • memory/1676-95-0x0000000000400000-0x00000000004B7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/1716-57-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-80-0x0000000000258000-0x0000000000259000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-64-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-65-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-66-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-59-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-69-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-70-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-72-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-71-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-75-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-76-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-77-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-78-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-79-0x0000000000258000-0x0000000000259000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-63-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-81-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-82-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-51-0x0000000000000000-mapping.dmp
    Download
  • memory/1716-55-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-56-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-62-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-83-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-61-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-60-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1716-58-0x0000000000256000-0x0000000000257000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1728-86-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1728-84-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1728-85-0x000000000040B000-mapping.dmp
    Download
  • memory/1740-45-0x0000000000000000-mapping.dmp
    Download