Overview

overview

10

Static

static

10

4c8ee98a43...4c.exe

windows7-x64

10

4c8ee98a43...4c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c8ee98a43d1c26907a933036d28fd4c.exe

  • Size

    912KB

  • MD5

    4c8ee98a43d1c26907a933036d28fd4c

  • SHA1

    d9ab020877222765abf9d3ba764fd407734157b1

  • SHA256

    3d1795472ee03c13edec697f27b8dc5d68debc1e54233051fa26bd113d92b1f1

  • SHA512

    ae7e631558c7022575650fe0b1e8fbc10437d2406d398493114284b33758345e956bd70452ede35f0f9d0f61299d4eb799bd49d57a370c640b73329d4a2349f0

  • SSDEEP

    12288:48UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/g3KlKebJS6+0mP:RUKoN0bUxgGa/pfBHDb+y1Hg3hF6W

Score
10/10
darkcometrattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c8ee98a43d1c26907a933036d28fd4c.exe
    "C:\Users\Admin\AppData\Local\Temp\4c8ee98a43d1c26907a933036d28fd4c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4712
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      2⤵
        PID:3804
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        2⤵
          PID:1580

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4712-0-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-1-0x00000000022F0000-0x00000000022F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4712-2-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-3-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-4-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-5-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-6-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-7-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-8-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-9-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-10-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-11-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-12-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-13-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-14-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-15-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download

      • memory/4712-16-0x0000000000400000-0x00000000004E4000-memory.dmp

        Filesize

        912KB

        Download