darkcomet | 1a787786968cfa9102f6ba5362d274349bf53f15f2dc0c9a70940edf7d626074

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Size

293KB
MD5

2fdf1218a636c6e1415dbd1f2eaf53a0
SHA1

3e9dd5bcde75be2aee3253d711afa0080f188dd4
SHA256

1a787786968cfa9102f6ba5362d274349bf53f15f2dc0c9a70940edf7d626074
SHA512

b395054ed37bbee9a9d6c3e3d9966c3f57587e90b8c440aed5b01442b360ac3f8b761cd3da305c9fba97a5f4d325b1c747a722ecc16e59ccf3e92f8aba226085
SSDEEP

6144:YbaepOgEy+AT5JPPiFrF6UTcz/DJZoAwDuRS/xrZ:Qa2dEy+ATrPiFXEJZoAwDui

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1872 set thread context of 2580	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe	28

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeSecurityPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeTakeOwnershipPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeLoadDriverPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeSystemProfilePrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeSystemtimePrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeProfSingleProcessPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeIncBasePriorityPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeCreatePagefilePrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeBackupPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeRestorePrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeShutdownPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeDebugPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeSystemEnvironmentPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeChangeNotifyPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeRemoteShutdownPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeUndockPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeManageVolumePrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeImpersonatePrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeCreateGlobalPrivilege	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: 33	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: 34	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: 35	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
Token: SeIncreaseQuotaPrivilege	2580	iexplore.exe
Token: SeSecurityPrivilege	2580	iexplore.exe
Token: SeTakeOwnershipPrivilege	2580	iexplore.exe
Token: SeLoadDriverPrivilege	2580	iexplore.exe
Token: SeSystemProfilePrivilege	2580	iexplore.exe
Token: SeSystemtimePrivilege	2580	iexplore.exe
Token: SeProfSingleProcessPrivilege	2580	iexplore.exe
Token: SeIncBasePriorityPrivilege	2580	iexplore.exe
Token: SeCreatePagefilePrivilege	2580	iexplore.exe
Token: SeBackupPrivilege	2580	iexplore.exe
Token: SeRestorePrivilege	2580	iexplore.exe
Token: SeShutdownPrivilege	2580	iexplore.exe
Token: SeDebugPrivilege	2580	iexplore.exe
Token: SeSystemEnvironmentPrivilege	2580	iexplore.exe
Token: SeChangeNotifyPrivilege	2580	iexplore.exe
Token: SeRemoteShutdownPrivilege	2580	iexplore.exe
Token: SeUndockPrivilege	2580	iexplore.exe
Token: SeManageVolumePrivilege	2580	iexplore.exe
Token: SeImpersonatePrivilege	2580	iexplore.exe
Token: SeCreateGlobalPrivilege	2580	iexplore.exe
Token: 33	2580	iexplore.exe
Token: 34	2580	iexplore.exe
Token: 35	2580	iexplore.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2580	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe	28
PID 1872 wrote to memory of 2580	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe	28
PID 1872 wrote to memory of 2580	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe	28
PID 1872 wrote to memory of 2580	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe	28
PID 1872 wrote to memory of 2580	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe	28
PID 1872 wrote to memory of 2580	1872	NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1872-10-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-12-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1872-3-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-6-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-8-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-11-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-1-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-7-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-0-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-5-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-9-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-4-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-2-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/1872-14-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/2580-13-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads