Analysis

  • max time kernel
    158s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-12-2022 00:04

General

  • Target

    efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe

  • Size

    756KB

  • MD5

    61109a5154ff42d0ea13218c8a445db5

  • SHA1

    e183e30af4bcbaa83a06d1e6b8edf3feb5e04524

  • SHA256

    efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6

  • SHA512

    c416de5946b86dc0988192e378db4ed635a98bda479d1d00214b5e814b5b58be843de40afe97b48d2b2ea62f182fc20d4a71ccb065f48db05b675b1c49c9570c

  • SSDEEP

    12288:v9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hmKlKebJ4:ZZ1xuVVjfFoynPaVBUR8f+kN10EB4hv

Score
10/10

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken (24 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
    "C:\Users\Admin\AppData\Local\Temp\efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe"
    1
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2068

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1
