Overview

overview

10

Static

static

7

NEAS.2fdf1...a0.exe

windows7-x64

10

NEAS.2fdf1...a0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe

  • Size

    293KB

  • MD5

    2fdf1218a636c6e1415dbd1f2eaf53a0

  • SHA1

    3e9dd5bcde75be2aee3253d711afa0080f188dd4

  • SHA256

    1a787786968cfa9102f6ba5362d274349bf53f15f2dc0c9a70940edf7d626074

  • SHA512

    b395054ed37bbee9a9d6c3e3d9966c3f57587e90b8c440aed5b01442b360ac3f8b761cd3da305c9fba97a5f4d325b1c747a722ecc16e59ccf3e92f8aba226085

  • SSDEEP

    6144:YbaepOgEy+AT5JPPiFrF6UTcz/DJZoAwDuRS/xrZ:Qa2dEy+ATrPiFXEJZoAwDui

Score
10/10
darkcometrattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Program crash 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2fdf1218a636c6e1415dbd1f2eaf53a0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 544
      2⤵
      • Program crash
      PID:3696
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4500
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 556
        3⤵
        • Program crash
        PID:4836
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3092 -ip 3092
    1⤵
      PID:1836
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4500 -ip 4500
      1⤵
        PID:4164

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3092-6-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-8-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-2-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-3-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-4-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-5-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-9-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-13-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-1-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-10-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-0-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3092-11-0x00000000022D0000-0x00000000022D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3092-7-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/4500-12-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download