Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/10/2022, 13:29

General

  • Target

    9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe

  • Size

    717KB

  • MD5

    91190b715243b50851ac471981eb8b11

  • SHA1

    fc0a1987686f8e420a8fce372619848734c01069

  • SHA256

    9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846

  • SHA512

    7702fb38b5e6167a9d3dcff24eec07356d520f77a5edd7928f0ad629117114ba6a9f85bfe1748d670ee393fd4bcfd177f5149afd215ef17e03fc2ff221dba1fd

  • SSDEEP

    12288:4pwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIb:iwAcu99lPzvxP+Bsz2XjWTRMQckkIb

Score
10/10

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe
    "C:\Users\Admin\AppData\Local\Temp\9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe"
    • Checks BIOS information in registry
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2116

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/2116-132-0x0000000000400000-0x00000000004B5000-memory.dmp
    Filesize: 724KB

  • memory/2116-133-0x0000000000400000-0x00000000004B5000-memory.dmp
    Filesize: 724KB