Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

a31d59e190...f9.exe

windows7-x64

10

a31d59e190...f9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a31d59e190008f0a3a2abc334c6ce9f9.exe

  • Size

    828KB

  • MD5

    a31d59e190008f0a3a2abc334c6ce9f9

  • SHA1

    37456e8559512dff814b09f9ca3710517148f8f2

  • SHA256

    27e663cc439cf3ff7b2f66260a851c8cf0ea5292d259bd1c22171685017dbd4c

  • SHA512

    47bdeb93ec8e8b659d3279c43524b4410bb91fc8b96e6f3a8044f189d91269b9e0d3fa236063f2fc05c12cf73777079f6e84f4b935e8122c095e85e525b49d75

  • SSDEEP

    24576:Gqv5LEymyQvPvS8cZTouk1wRhZ2Bq8aChQ:GqBL1AXvA0B1lw8/hQ

Score
10/10
darkcometbootkitpersistencerattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetThreadContext 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a31d59e190008f0a3a2abc334c6ce9f9.exe
    "C:\Users\Admin\AppData\Local\Temp\a31d59e190008f0a3a2abc334c6ce9f9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Users\Admin\AppData\Local\Temp\a31d59e190008f0a3a2abc334c6ce9f9.exe
      "C:\Users\Admin\AppData\Local\Temp\a31d59e190008f0a3a2abc334c6ce9f9.exe"
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Users\Admin\AppData\Local\Temp\a31d59e190008f0a3a2abc334c6ce9f9.exe
        "C:\Users\Admin\AppData\Local\Temp\a31d59e190008f0a3a2abc334c6ce9f9.exe"
        3⤵
        • Modifies WinLogon for persistence
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2296
        • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
          "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3048
          • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
            "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
            5⤵
            • Executes dropped EXE
            • Writes to the Master Boot Record (MBR)
            • Suspicious use of SetThreadContext
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2740
            • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
              "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of SetWindowsHookEx
              PID:2108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
    Filesize

    45KB

    MD5

    147524926a4886fe607c30ba89ba0e9c

    SHA1

    3828b4e3a78e6f831749142d0f0a43dd965797f8

    SHA256

    9336eb9543c4c18d720231f1c0d8193feab45ae92643db37e7b60c633a0efee7

    SHA512

    850a40516faafb4212546b017caffe781bc4d63bac8e5446b9e5ac9a62cd9028eaa4b652c23fb636a2487f82e1f7449efa802c85f7371b6fa757d31b4ffc805a

    Download Submit

  • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
    Filesize

    76KB

    MD5

    a1c37cf4aaf204dfef936d85dc814af6

    SHA1

    3fba4873d75db51e0f0653d3a696a3195b12d9f5

    SHA256

    7a11eb0d1eb690afd3cc5ac08401aec53a17042ea3c33165d502b5ae44109d4c

    SHA512

    e58bdaabb13bda5f8d026fbf7a749d01edb7b5cf98bb2123c570ff4d965d58a8a6183747e8456868f6c91acbc45cf9f3720edbe7d4f62a9d91247df2f7befc1a

    Download Submit

  • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
    Filesize

    828KB

    MD5

    a31d59e190008f0a3a2abc334c6ce9f9

    SHA1

    37456e8559512dff814b09f9ca3710517148f8f2

    SHA256

    27e663cc439cf3ff7b2f66260a851c8cf0ea5292d259bd1c22171685017dbd4c

    SHA512

    47bdeb93ec8e8b659d3279c43524b4410bb91fc8b96e6f3a8044f189d91269b9e0d3fa236063f2fc05c12cf73777079f6e84f4b935e8122c095e85e525b49d75

    Download Submit

  • \Users\Admin\Documents\MSDCSC\msdcsc.exe
    Filesize

    19KB

    MD5

    75c9c65f97d7b68282f9c73b6cd5ceb7

    SHA1

    cb7921a9ec8f8a2df4b598be50078e1f56652ca5

    SHA256

    e280e44b3102388f523df9efd9419776bdd1b0202961c6101294e15aca53858a

    SHA512

    0a8db6d67b4c64fd09a0c0c619d16c79a92d566fdf73d72d2b00e1c133339b4fc6aaa3264cd4510e5aad0225ed845f63836b0adf35e4ff937876c99befd18363

    Download Submit

  • \Users\Admin\Documents\MSDCSC\msdcsc.exe
    Filesize

    46KB

    MD5

    024492dcc74c59f61fc5ee0debb1dbca

    SHA1

    c7c7510d57de54cb8ea3e6170c543e5c6e434122

    SHA256

    d76c2b1f2aa31ed72f04fd5372f78c9fea43c36a9891c0e6bda5e33687623f00

    SHA512

    3061520c8530960bd750a428cf754b1d10e81dc4beca9cf3d5dbe1dc3fe81b5e1cc1cfb7c6870f2ed5ba3fad36f9a83c180e6033e55e7e876452152370b24f42

    Download Submit

  • memory/1692-2-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

    Download

  • memory/1692-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1692-14-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

    Download

  • memory/1692-38-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

    Download

  • memory/1692-17-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

    Download

  • memory/1692-12-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

    Download

  • memory/1692-6-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

    Download

  • memory/1692-4-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

    Download

  • memory/2108-108-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2108-100-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2108-102-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2108-101-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-28-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-20-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-41-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-43-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2296-42-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-18-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-54-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-40-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-24-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-30-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-37-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-22-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-32-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-36-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2296-26-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/2740-99-0x0000000000400000-0x00000000004AD000-memory.dmp

    Filesize

    692KB

    Download