darkcomet | 9ca28c0595840badf0a13f573372e23594a5dc4ee67b6b82118f4a156dda4ecf

Analysis

max time kernel
145s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

387ca2bd5b2504b0715aa8dce5119c61.exe
Size

646KB
MD5

387ca2bd5b2504b0715aa8dce5119c61
SHA1

75a5136cd45472d67b24b7181469629ffb1114eb
SHA256

9ca28c0595840badf0a13f573372e23594a5dc4ee67b6b82118f4a156dda4ecf
SHA512

40104190ab2d28e6c8fea5137de353086bb1f10361d6253609ab4908be2f89ffaac2aa414fbb2ef2435f8baae08d236528bf35db9a9ca729ad3ec31543f9e4a3
SSDEEP

12288:w8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixl:pUKoN0bUxgGa/pfBHDb+y1HgZ3

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2544 set thread context of 880	2544	387ca2bd5b2504b0715aa8dce5119c61.exe	16

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeSecurityPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeTakeOwnershipPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeLoadDriverPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeSystemProfilePrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeSystemtimePrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeProfSingleProcessPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeIncBasePriorityPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeCreatePagefilePrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeBackupPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeRestorePrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeShutdownPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeDebugPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeSystemEnvironmentPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeChangeNotifyPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeRemoteShutdownPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeUndockPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeManageVolumePrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeImpersonatePrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeCreateGlobalPrivilege	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: 33	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: 34	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: 35	2544	387ca2bd5b2504b0715aa8dce5119c61.exe
Token: SeIncreaseQuotaPrivilege	880	iexplore.exe
Token: SeSecurityPrivilege	880	iexplore.exe
Token: SeTakeOwnershipPrivilege	880	iexplore.exe
Token: SeLoadDriverPrivilege	880	iexplore.exe
Token: SeSystemProfilePrivilege	880	iexplore.exe
Token: SeSystemtimePrivilege	880	iexplore.exe
Token: SeProfSingleProcessPrivilege	880	iexplore.exe
Token: SeIncBasePriorityPrivilege	880	iexplore.exe
Token: SeCreatePagefilePrivilege	880	iexplore.exe
Token: SeBackupPrivilege	880	iexplore.exe
Token: SeRestorePrivilege	880	iexplore.exe
Token: SeShutdownPrivilege	880	iexplore.exe
Token: SeDebugPrivilege	880	iexplore.exe
Token: SeSystemEnvironmentPrivilege	880	iexplore.exe
Token: SeChangeNotifyPrivilege	880	iexplore.exe
Token: SeRemoteShutdownPrivilege	880	iexplore.exe
Token: SeUndockPrivilege	880	iexplore.exe
Token: SeManageVolumePrivilege	880	iexplore.exe
Token: SeImpersonatePrivilege	880	iexplore.exe
Token: SeCreateGlobalPrivilege	880	iexplore.exe
Token: 33	880	iexplore.exe
Token: 34	880	iexplore.exe
Token: 35	880	iexplore.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
880	iexplore.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 880	2544	387ca2bd5b2504b0715aa8dce5119c61.exe	16
PID 2544 wrote to memory of 880	2544	387ca2bd5b2504b0715aa8dce5119c61.exe	16
PID 2544 wrote to memory of 880	2544	387ca2bd5b2504b0715aa8dce5119c61.exe	16
PID 2544 wrote to memory of 880	2544	387ca2bd5b2504b0715aa8dce5119c61.exe	16
PID 2544 wrote to memory of 880	2544	387ca2bd5b2504b0715aa8dce5119c61.exe	16
PID 2544 wrote to memory of 880	2544	387ca2bd5b2504b0715aa8dce5119c61.exe	16

C:\Users\Admin\AppData\Local\Temp\387ca2bd5b2504b0715aa8dce5119c61.exe
"C:\Users\Admin\AppData\Local\Temp\387ca2bd5b2504b0715aa8dce5119c61.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/880-1-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2544-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2544-2-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads