Overview

overview

10

Static

static

URLScan

urlscan

https://cdn.discorda...

windows7_x64

10

https://cdn.discorda...

windows11_x64

10

https://cdn.discorda...

windows10_x64

10

Analysis

  • max time kernel
    110s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    25-08-2021 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/880094120226480198/880117156560392212/deneme.zip

Score
10/10
darkcometrattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/880094120226480198/880117156560392212/deneme.zip
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4036 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1904
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3980
    • C:\Users\Admin\Desktop\deneme.exe
      "C:\Users\Admin\Desktop\deneme.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1092

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    2
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      cfc0d637e36187355616fc9e8e41b828

      SHA1

      268c9f323b848d8ae8b39f720a92bfbd464a2d3d

      SHA256

      5b7390dce5abe5066b2a93897093bedd9ff8e9873192378ae19faf2520393a13

      SHA512

      a7f6b8b8ff674382825595ae4e8216259eeaa6a45ead79653a81578083450e72b4f2f347a672116d52cf953f52c7942fe9da22fb4026f37cd468e7ddd12e14c1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      cfadbc37613859fdfc450320c7c54db0

      SHA1

      dc5c26c89cc450b322d553cbea067111ada257e7

      SHA256

      3fe0d6052853b517eb424d09de03aab8e7523f5aca57ea39acd851da728de61f

      SHA512

      bf53e4a332db329a61ffe9b01c6a8f01263220460363395e58c4d5ceab9ec457c4c6cc1de1a8e59ffd96095a747e475b3916f187cfb6ab31520a754584816c2d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JJTXMBUI.cookie
      MD5

      f017eaeef7a48d71a27c3ec40076a78d

      SHA1

      df625c5552d9eca6c3de3a631ad2e0778fcc0f4e

      SHA256

      5b4aff33e3ef60d446db326c9fdf679ba346d6edc7218ed0836b637da564cc5f

      SHA512

      37deb90fc9e0db7ccdfb96eec1ab85dff4cd518d86128a0a72776e23ebd3f2db2b053e519f9ca6af02b158d1ec18e17ece1e1d56a857509ffbb3d3915a9d5100

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\SH4ODNSV.cookie
      MD5

      b935016247f764c17eaa1110bcfdb397

      SHA1

      5c646c4a05000496560eddd3ce9bb86afb43b78f

      SHA256

      395365e21e5463d52645ce29391b52d92120aa8db70b9358e1f00c36f56e7858

      SHA512

      dd60c379bf935acabd14d60fef53fdc0b512c6a0c836c9b0f752aad8386ae15c182faf98541804db6e4417d5ac37a1265919a879070e89607f61fa311bf32b27

      Download Submit
    • C:\Users\Admin\Downloads\deneme.zip.dqgtffb.partial
      MD5

      97e6782dd88eb5e13f1a49872e37da34

      SHA1

      e4f1b607ce8b07ea2e90d3337ce32601c5363d1a

      SHA256

      4478eddcc10d4f78916239fc3b547296a9e8ccc3e85197dea90c993a66c865df

      SHA512

      2308f837cd4b69cd6ba09fe928bd3f86254fcbb8618a2e7b9720c3391f86857173b0e5646c9e86a0811782df3c15acc860865a7cb4da358ab4754a84eca1905f

      Download Submit
    • memory/1092-117-0x0000000002220000-0x0000000002221000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1904-115-0x0000000000000000-mapping.dmp
      Download
    • memory/4036-114-0x00007FFAC04B0000-0x00007FFAC051B000-memory.dmp
      Filesize

      428KB

      Download