Analysis
-
max time kernel
180s -
max time network
187s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
24-05-2022 23:43
General
-
Target
645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe
-
Size
658KB
-
MD5
98343399d5aac84bacbeddc5a3385836
-
SHA1
e1c7bb2b21d7f46de57c26b407235972b1a6e28a
-
SHA256
645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52
-
SHA512
39a0daf741484e8bd692ab2abfec76f534ebb84ee72c41337d4499fba04c590da9fbd627a003038147a3dcf94b6198ab9f2cda52d480e7afd288a0f4fcc4471c
Score
10/10
Malware Config
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 46 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe"C:\Users\Admin\AppData\Local\Temp\645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1716-54-0x00000000754A1000-0x00000000754A3000-memory.dmpFilesize
8KB