Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

ba27ee9e69...2d.exe

windows7-x64

10

ba27ee9e69...2d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    161s
  • max time network
    116s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 00:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba27ee9e692a97b1d58f6aa006072349040cc3fc39aed79bc8998c3c524d5c2d.exe

  • Size

    1.5MB

  • MD5

    1d06209309e0b8f18e3d769d21728591

  • SHA1

    e02024506c73a4487cfa4cd209c7f07346ce2c58

  • SHA256

    ba27ee9e692a97b1d58f6aa006072349040cc3fc39aed79bc8998c3c524d5c2d

  • SHA512

    575e02ba1633b5ba30a9387dd63d0e7737ec41a6f619a4d5fb7794e85660f522e2867d1ca6ec790eb7fdaed3ee9fcde7ce68931fd01011ce12051ce11747cfa3

  • SSDEEP

    24576:YRmYkcoQricOIrxiZY1iapYfP7wKaHnCMjORymu7Xmg7FT2b8:dYZoQrbT8ZY1iapMP16zt2g7FaY

Score
10/10
darkcomethbpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

HB

C2

ridingdark.no-ip.biz:1337

Mutex

DC_MUTEX-L7FRRW9

Attributes
  • gencode

    5BpKzfGArBf6

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba27ee9e692a97b1d58f6aa006072349040cc3fc39aed79bc8998c3c524d5c2d.exe
    "C:\Users\Admin\AppData\Local\Temp\ba27ee9e692a97b1d58f6aa006072349040cc3fc39aed79bc8998c3c524d5c2d.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Users\Admin\AppData\Local\Temp\ba27ee9e692a97b1d58f6aa006072349040cc3fc39aed79bc8998c3c524d5c2d.exe
      "C:\Users\Admin\AppData\Local\Temp\ba27ee9e692a97b1d58f6aa006072349040cc3fc39aed79bc8998c3c524d5c2d.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:668

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/668-65-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-56-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-58-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-60-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-62-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-55-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-67-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-75-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-69-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-64-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-71-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-73-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/668-74-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/848-54-0x00000000766F1000-0x00000000766F3000-memory.dmp

    Filesize

    8KB

    Download