Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 18:33

General

  • Target

    d12109fb1e3646727c8d9a830281dd7d58c2b8b71da89be28b8b4838aa8aa0e8.exe

  • Size

    658KB

  • MD5

    dab4861a538d1e9d430e5927300c7015

  • SHA1

    856ceb3502a25ce1d797633ad044dcbd15d863ae

  • SHA256

    d12109fb1e3646727c8d9a830281dd7d58c2b8b71da89be28b8b4838aa8aa0e8

  • SHA512

    efad47acde5489558c5209a5cf8ab0be2e7c5b87717386e847f8479173c876b094a3cddb12b72cc15e28d88b9fb2e1f898192277819bc3ef46fcf1f789a749c8

Score
10/10

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d12109fb1e3646727c8d9a830281dd7d58c2b8b71da89be28b8b4838aa8aa0e8.exe
    "C:\Users\Admin\AppData\Local\Temp\d12109fb1e3646727c8d9a830281dd7d58c2b8b71da89be28b8b4838aa8aa0e8.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2300

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082
