Analysis

  • max time kernel
    49s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    15-05-2021 03:59

General

  • Target

    c43137fedd2ca00fd47d55ef0c08b75002333ba8b45f5d0f34c5d84b120dd573.exe

  • Size

    662KB

  • MD5

    09a60db2024fa4a59a39ae34b0185d8a

  • SHA1

    cd970075caad6ff3a83cd1a3ae4231dd241f3a75

  • SHA256

    c43137fedd2ca00fd47d55ef0c08b75002333ba8b45f5d0f34c5d84b120dd573

  • SHA512

    6d354751e29c26ef57c32f1ca1fd72137b70f8fd32fe45af75a12b21d26e7028140a49a3edbca404ab946fc4812cb943237aedc728f747dd5779b3cbfcd2a6c8

Score
10/10

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c43137fedd2ca00fd47d55ef0c08b75002333ba8b45f5d0f34c5d84b120dd573.exe
    "C:\Users\Admin\AppData\Local\Temp\c43137fedd2ca00fd47d55ef0c08b75002333ba8b45f5d0f34c5d84b120dd573.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:656

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/656-114-0x0000000002440000-0x0000000002441000-memory.dmp
    Filesize

    4KB