Analysis

  • max time kernel
    220s
  • max time network
    287s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/11/2022, 04:43 UTC

General

  • Target

    bd73c61af867f496e494daa04b51a5c705903c167d051b9d78825f731789562a.exe

  • Size

    1.1MB

  • MD5

    c3e725e101429c8f5fa63ebff8a0aa5d

  • SHA1

    4bdc369996484bd52519c00f48d320ba127ec627

  • SHA256

    bd73c61af867f496e494daa04b51a5c705903c167d051b9d78825f731789562a

  • SHA512

    8677dab9c79d4f333bd5a953d532bd4405dfd14b14ae93bae74dad769e5cf6a599f4abf2da94ea7a75843800bf747bb82a8972d4ff8260bfa60efb63a06a23f4

  • SSDEEP

    24576:Fw1+mpzx/blZuPqIWt6OiiUfUqO/aQXfiqgzHfbUsq4qSRZ6A:Fw1Dp1/blZuq56aUfUqOjfP8Lq4qm

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd73c61af867f496e494daa04b51a5c705903c167d051b9d78825f731789562a.exe
    "C:\Users\Admin\AppData\Local\Temp\bd73c61af867f496e494daa04b51a5c705903c167d051b9d78825f731789562a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Users\Admin\AppData\Local\Temp\bd73c61af867f496e494daa04b51a5c705903c167d051b9d78825f731789562a.exe
      "C:\Users\Admin\AppData\Local\Temp\bd73c61af867f496e494daa04b51a5c705903c167d051b9d78825f731789562a.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Checks BIOS information in registry
      • Adds Run key to start application
      • Drops file in System32 directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:5016

Network

  • 104.80.225.205:443
    322 B
    7
  • 52.168.117.170:443
    322 B
    7
  • 88.221.25.154:80
    322 B
    7
  • 88.221.25.154:80
    322 B
    7
  • 88.221.25.154:80
    322 B
    7
  • 96.16.53.148:80
    46 B
    40 B
    1
    1

MITRE ATT&CK Enterprise v6

Downloads

  • memory/5016-135-0x0000000000400000-0x0000000000503000-memory.dmp

    Filesize

    1.0MB

  • memory/5016-136-0x0000000000400000-0x0000000000503000-memory.dmp

    Filesize

    1.0MB

  • memory/5016-137-0x0000000000400000-0x0000000000503000-memory.dmp

    Filesize

    1.0MB

  • memory/5016-138-0x0000000000400000-0x0000000000503000-memory.dmp

    Filesize

    1.0MB
