Analysis
-
max time kernel
150s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
20/10/2022, 09:53
General
-
Target
cf1e807d2b9147f13de026b7aeb75f91cd24d8d2836bc032adbd13089f66669a.exe
-
Size
756KB
-
MD5
7a80307f43673bf0cb6f6e8bfc032da0
-
SHA1
c1df957e34fc7ecd9178e090e49ccdc5b45c7888
-
SHA256
cf1e807d2b9147f13de026b7aeb75f91cd24d8d2836bc032adbd13089f66669a
-
SHA512
42fd79fa8460919907598bf7a06968516bfdaabf311c4ef645fe93059e0e3599a410e6d150f1888faf99ba469b4fd467699c3764ae7d29b18533c8eb8e5489ce
-
SSDEEP
12288:W9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hR2ZChoJNf:yZ1xuVVjfFoynPaVBUR8f+kN10EBPhWf
Score
10/10
Malware Config
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 23 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf1e807d2b9147f13de026b7aeb75f91cd24d8d2836bc032adbd13089f66669a.exe"C:\Users\Admin\AppData\Local\Temp\cf1e807d2b9147f13de026b7aeb75f91cd24d8d2836bc032adbd13089f66669a.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB