Analysis
-
max time kernel
153s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 15:44
General
-
Target
1beef4b921d7ab1808248a9a89f627385fd047c8b573104f74f0d17a2555a8c9.exe
-
Size
756KB
-
MD5
ea6e9d8f151d1437cba55259bd7627fa
-
SHA1
a913d0af4e1c115ffdd1e05faa3df480e6cd2024
-
SHA256
1beef4b921d7ab1808248a9a89f627385fd047c8b573104f74f0d17a2555a8c9
-
SHA512
4a795ddd4f2d0d0ffde973162a9b8636d2cb9bc7f921d59a72c100b27789c8f89fd746fb4a9c4bfaebc7148dafc2fef0998cc623af142b4f8bc000080232c2cf
-
SSDEEP
12288:09HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hx4:4Z1xuVVjfFoynPaVBUR8f+kN10EBc
Score
10/10
Malware Config
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1beef4b921d7ab1808248a9a89f627385fd047c8b573104f74f0d17a2555a8c9.exe"C:\Users\Admin\AppData\Local\Temp\1beef4b921d7ab1808248a9a89f627385fd047c8b573104f74f0d17a2555a8c9.exe"1⤵
- Modifies WinLogon for persistence
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx