Overview

overview

10

Static

static

10

8658550bc5...45.exe

windows7_x64

10

8658550bc5...45.exe

windows10_x64

10

Analysis

  • max time kernel
    131s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    13-05-2021 12:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8658550bc56469ef02c69d7ac3f0749e173fca486d09298bd3c305f352b07e45.exe

  • Size

    658KB

  • MD5

    30c9f541275eafce10bd119505bed37c

  • SHA1

    b1bb5fd7c85dba4bd2b233a73f9327e60118d297

  • SHA256

    8658550bc56469ef02c69d7ac3f0749e173fca486d09298bd3c305f352b07e45

  • SHA512

    2e5f01de124f7dad83dd55a34f3312d0a0b8320ae28bd2a5f0984c476e42e72a59199f6df7dfacf3b9f27f700273ae8c86a1b1d6f510e86ba104e3bc3a6d8261

Score
10/10
darkcometrattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8658550bc56469ef02c69d7ac3f0749e173fca486d09298bd3c305f352b07e45.exe
    "C:\Users\Admin\AppData\Local\Temp\8658550bc56469ef02c69d7ac3f0749e173fca486d09298bd3c305f352b07e45.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1076

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1076-59-0x00000000766D1000-0x00000000766D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1076-60-0x00000000005D0000-0x00000000005D1000-memory.dmp

    Filesize

    4KB

    Download