
Analysis

  • max time kernel: 149s
  • max time network: 155s
  • platform: windows10-2004_x64
  • resource: win10v2004-20220812-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 01/12/2022, 20:05 UTC

General

  • Target: a5d6ff5bbbc5b350b938c7b2e09763b0935f00d41c01cc737b46bdd930f11625.exe
  • Size: 1.9MB
  • MD5: c3ca6491e9f241573ba01a073939703a
  • SHA1: 29669a848b04b3a7faa09bbf3047df0e73121fd6
  • SHA256: a5d6ff5bbbc5b350b938c7b2e09763b0935f00d41c01cc737b46bdd930f11625
  • SHA512: ffb9bf92d06c7a17671e461a13972a45e6cc8ab0c0199691f02f12b662cb1ae141ebca9047a98f2efbd585cc4e2149bd1d973ae13cd1af11b89587931e395c5d
  • SSDEEP: 12288:35aqIbcW23TOLBlucS5nuISmFU7yYitKG6pydB4FOyD2wWT1tII0TzwfG1ydf6qS:QqcILKG6nGFm2WM4a0h

Score
10/10

Malware Config

No configuration was extracted for this run.

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Uses the VBS compiler for execution (1 TTP)
  • Suspicious use of SetThreadContext (1 IoC)
  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (14 IoCs)

    Despite the signature name, vbc.exe is the Visual Basic .NET command-line compiler shipped with the .NET Framework, not a VBScript interpreter. In this run it is started with no source files or arguments by a parent that is flagged for SetThreadContext and WriteProcessMemory, and it crashes shortly afterwards; that combination fits a hollowed host process rather than a compilation.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5d6ff5bbbc5b350b938c7b2e09763b0935f00d41c01cc737b46bdd930f11625.exe (PID 2148)
    "C:\Users\Admin\AppData\Local\Temp\a5d6ff5bbbc5b350b938c7b2e09763b0935f00d41c01cc737b46bdd930f11625.exe"
    Signatures: Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (PID 3768, child of 2148)
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      • C:\Windows\SysWOW64\WerFault.exe (PID 2652, child of 3768)
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 12
        Signatures: Program crash
  • C:\Windows\SysWOW64\WerFault.exe (PID 3772)
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3768 -ip 3768

  Reading the tree: the sample (PID 2148) launches vbc.exe (PID 3768) with an empty command line and is the process flagged for SetThreadContext and WriteProcessMemory, the API pair usually seen when a payload is written into a newly created host process. Both WerFault instances name PID 3768 through their -p argument, so the crash is the hollowed vbc.exe, not the sample itself.

Network

  Destination            Size    Packets
  93.184.220.29:80       322 B   7
  93.184.220.29:80       322 B   7
  95.101.78.82:80        322 B   7
  104.80.225.205:443     322 B   7
  52.182.143.208:443     322 B   7
  8.248.5.254:80         322 B   7
  8.248.5.254:80         322 B   7

  The other two network views report "No results found". Every flow has the same size and packet count and the report attributes none of them to a process, so this list on its own does not establish a DarkComet command-and-control address.

      MITRE ATT&CK Enterprise v6

Downloads

  • memory/2148-134-0x0000000074AB0000-0x0000000075061000-memory.dmp (5.7MB)
  • memory/2148-135-0x0000000074AB0000-0x0000000075061000-memory.dmp (5.7MB)
  • memory/3768-133-0x0000000013140000-0x00000000131F6000-memory.dmp (728KB)

  Each dump name carries the PID, a sequence number and the start and end address of the region dumped. The two PID 2148 dumps cover the same region of the sample twice; the PID 3768 dump is a 728KB region taken from the vbc.exe child, which is where the injected payload would be expected.
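The following is an added example, not code from the tria.ge report or from Triage itself. It correlates the "Processes" tree with the "Downloads" dump names above to pick out the hollowed child and the memory region dumped from it. The record shape, the function names, the HOLLOW_HOSTS and USER_WRITABLE lists, and the assumption that every dump name follows the `memory/<pid>-<seq>-<start>-<end>-memory.dmp` pattern are this example's own; the PIDs, command lines, signatures and dump names are copied from the report so the output can be checked against it.

```python
"""Correlate a Triage-style process tree with its memory dumps.

Added example; not part of the tria.ge report or Triage tooling. The record
layout, function names and the two allow/deny lists are assumptions.
"""
import re

SAMPLE = "a5d6ff5bbbc5b350b938c7b2e09763b0935f00d41c01cc737b46bdd930f11625.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
VBC = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"

# Constructed from the report's process tree (pid, parent, command line, signatures).
PROCESSES = [
    {"pid": 2148, "ppid": None, "image": f"{TEMP}\\{SAMPLE}",
     "cmdline": f'"{TEMP}\\{SAMPLE}"',
     "signatures": ["Suspicious use of SetThreadContext",
                    "Suspicious use of WriteProcessMemory"]},
    {"pid": 3768, "ppid": 2148, "image": VBC, "cmdline": VBC, "signatures": []},
    {"pid": 2652, "ppid": 3768, "image": WERFAULT,
     "cmdline": f"{WERFAULT} -u -p 3768 -s 12", "signatures": ["Program crash"]},
    {"pid": 3772, "ppid": None, "image": WERFAULT,
     "cmdline": f"{WERFAULT} -pss -s 408 -p 3768 -ip 3768", "signatures": []},
]
# Constructed from the report's "Downloads" list.
DUMPS = [
    "memory/2148-134-0x0000000074AB0000-0x0000000075061000-memory.dmp",
    "memory/2148-135-0x0000000074AB0000-0x0000000075061000-memory.dmp",
    "memory/3768-133-0x0000000013140000-0x00000000131F6000-memory.dmp",
]

# Assumption: .NET Framework binaries commonly used as hollowing hosts by loaders.
HOLLOW_HOSTS = {"vbc.exe", "csc.exe", "msbuild.exe", "regasm.exe",
                "regsvcs.exe", "installutil.exe", "aspnet_compiler.exe"}
# Assumption: path fragments treated as user-writable drop locations.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")
# Assumption: dump names always follow memory/<pid>-<seq>-<start>-<end>-memory.dmp.
DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def has_no_arguments(proc):
    """True when the command line is only the image path: a compiler started
    for injection carries no source files, a real build always does."""
    return proc["cmdline"].strip().strip('"') == proc["image"]


def hollowing_candidates(processes):
    """(parent_pid, child_pid) pairs where a parent in a user-writable path,
    flagged for SetThreadContext and WriteProcessMemory, spawned a known
    host binary with no arguments."""
    by_pid = {p["pid"]: p for p in processes}
    hits = []
    for child in processes:
        parent = by_pid.get(child["ppid"])
        if parent is None or basename(child["image"]) not in HOLLOW_HOSTS:
            continue
        sigs = " ".join(parent["signatures"])
        if (has_no_arguments(child)
                and any(f in parent["image"].lower() for f in USER_WRITABLE)
                and "SetThreadContext" in sigs and "WriteProcessMemory" in sigs):
            hits.append((parent["pid"], child["pid"]))
    return hits


def crash_reporters(processes, pid):
    """PIDs of WerFault.exe instances whose -p argument names `pid`."""
    out = []
    for p in processes:
        if basename(p["image"]) != "werfault.exe":
            continue
        m = re.search(r"(?:^|\s)-p (\d+)", p["cmdline"])
        if m and int(m.group(1)) == pid:
            out.append(p["pid"])
    return out


def parse_dump_name(name):
    """Split a dump name into pid, sequence number, region bounds and size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, seq, start, end = int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)
    return {"pid": pid, "seq": seq, "start": start, "end": end, "size": end - start}


def human_size(n):
    """Render a byte count the way the report does (728KB, 5.7MB)."""
    return f"{n / 2**20:.1f}MB" if n >= 2**20 else f"{n // 1024}KB"


def summarize(processes, dumps):
    """Tie each hollowed child to the regions dumped from it."""
    regions = [parse_dump_name(d) for d in dumps]
    report = []
    for parent_pid, child_pid in hollowing_candidates(processes):
        child_regions = [r for r in regions if r["pid"] == child_pid]
        report.append({
            "parent": parent_pid, "child": child_pid,
            "crashed": bool(crash_reporters(processes, child_pid)),
            "regions": [(hex(r["start"]), human_size(r["size"])) for r in child_regions],
        })
    return report


if __name__ == "__main__":
    for entry in summarize(PROCESSES, DUMPS):
        print(entry)
```

Run as-is it reports one candidate: parent 2148, child 3768, crashed, with a single 0x13140000 region of 728KB, which is the dump worth pulling first when hunting for the unpacked payload. The size rendering reproduces the report's own figures (5.7MB for the 0x74AB0000 region, 728KB for the 0x13140000 one), so a mismatch there would mean the dump-name pattern assumed here does not hold for a given report.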
