Overview

overview

10

Static

static

3

0af608e911...ee.exe

windows7-x64

10

0af608e911...ee.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24-12-2023 18:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0af608e9116ca465022a75f3c04f00ee.exe

  • Size

    1.6MB

  • MD5

    0af608e9116ca465022a75f3c04f00ee

  • SHA1

    998f2d298569c5618466f792ed03f77fee22470f

  • SHA256

    63b44c6c032a64c55d978ff64a58b8529402b55f678109727702a91421e31d21

  • SHA512

    86594c204ad49b6ea961e1a9af64c9824b3031dfef5a31244d7b21c86f15731de37ce5c2ab3ca13e06dcbd324f951daf074e1d2bee725ee461641dd3e2f689b0

  • SSDEEP

    24576:eG5drt5hlq2r+kkNNVJGoBcf5FMt36c7nSgMit65Eq/318GpGTv/JZl6Ez:lDhlq22gFcOXit6SmjkF6

Score
10/10
darkcometrattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0af608e9116ca465022a75f3c04f00ee.exe
    "C:\Users\Admin\AppData\Local\Temp\0af608e9116ca465022a75f3c04f00ee.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Temp\agaga.exe
      "C:\Users\Admin\AppData\Local\Temp\agaga.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
          PID:2596
        • C:\Windows\explorer.exe
          "C:\Windows\explorer.exe"
          3⤵
            PID:2496

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\agaga.exe
        Filesize

        646KB

        MD5

        8b23a5cb329a7e10eef883049b2904ec

        SHA1

        3545db57f4a3d5f5e8247b24b1bdbc2d5c2c26c8

        SHA256

        cbb308fdb457b960dba0473241173b6b0df8e2d53e4e049469581f59d6ef20cf

        SHA512

        db2feba02295a77d3acf583b10431313fb7d24e631459b65de93d76b9f80a50349965d5819106dfd739f272b4a5d6397735e00783ed47b2f7dadf0a4a2772a6c

        Download Submit

      • memory/2580-13-0x0000000000290000-0x0000000000291000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-15-0x0000000000400000-0x00000000004AF000-memory.dmp

        Filesize

        700KB

        Download

      • memory/2580-17-0x0000000000290000-0x0000000000291000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-18-0x0000000000400000-0x00000000004AF000-memory.dmp

        Filesize

        700KB

        Download

      • memory/2580-28-0x0000000000400000-0x00000000004AF000-memory.dmp

        Filesize

        700KB

        Download

      • memory/2856-0-0x0000000000A90000-0x0000000000C34000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2856-1-0x000007FEF5B00000-0x000007FEF64EC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2856-3-0x000000001A940000-0x000000001A9C0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2856-4-0x0000000000A70000-0x0000000000A80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2856-12-0x000007FEF5B00000-0x000007FEF64EC000-memory.dmp

        Filesize

        9.9MB

        Download