darkcomet | 66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Size

658KB
MD5

9b27dc3f2167adc59bfd4f6f850522d5
SHA1

95c6a98fce97feba4399973cced7decc419cf597
SHA256

66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1
SHA512

570e8988b48621809e4a6f925075a741ed5fb655cdb7b10be9e624a37134c1d2c57440f88ad6978396c3994f62a47abbb49694f5cb7459f12fcdc875761df2ae
SSDEEP

12288:q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hG:mZ1xuVVjfFoynPaVBUR8f+kN10EBE

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeSecurityPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeTakeOwnershipPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeLoadDriverPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeSystemProfilePrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeSystemtimePrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeProfSingleProcessPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeIncBasePriorityPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeCreatePagefilePrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeBackupPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeRestorePrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeShutdownPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeDebugPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeSystemEnvironmentPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeChangeNotifyPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeRemoteShutdownPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeUndockPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeManageVolumePrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeImpersonatePrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: SeCreateGlobalPrivilege	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: 33	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: 34	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
Token: 35	2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2036	66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe

C:\Users\Admin\AppData\Local\Temp\66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe
"C:\Users\Admin\AppData\Local\Temp\66b4174f410a0e6cd23b2fe6a2ebfe6f558e09fe4e43ef0953da67a79e453ab1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-54-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download