Analysis

  • max time kernel
    3s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-11-2020 21:25

General

  • Target

    df4b70d17b65cf70d80d63f0a8bf908e6d0a625166449d61649ff93b5dee3e03.exe

  • Size

    333KB

  • MD5

    de58f2382c3d29a65f6c391d5ab06726

  • SHA1

    3b783d1db12d0a0eef3071b2acb72eba1b16d98c

  • SHA256

    df4b70d17b65cf70d80d63f0a8bf908e6d0a625166449d61649ff93b5dee3e03

  • SHA512

    7e06e83eddbc8b6ee4c6bc9f3b30fde51ded69c40f36442d96846300491ff7547e30966bd962d6f8f101f53953327ef1b1ecc2f1f458b55362331508c20600c8

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df4b70d17b65cf70d80d63f0a8bf908e6d0a625166449d61649ff93b5dee3e03.exe
    "C:\Users\Admin\AppData\Local\Temp\df4b70d17b65cf70d80d63f0a8bf908e6d0a625166449d61649ff93b5dee3e03.exe"
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:2036

Network

MITRE ATT&CK Enterprise v6
