Analysis
max time kernel: 149s
max time network: 120s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 13/01/2024, 22:05

Behavioral task: behavioral1
Sample: 5986d57702bc2c6ffeef297b708c74d8.exe
Resource: win7-20231129-en
5 signatures, 150 seconds
General
Target: 5986d57702bc2c6ffeef297b708c74d8.exe
Size: 722KB
MD5: 5986d57702bc2c6ffeef297b708c74d8
SHA1: c2dabd2310f2b057b5b9cbb37ea0af10e13abbf9
SHA256: 5ca54747c0b1ce3c39044d66853d0075ce97f5e8be2a330d6be4ebd7e35b5e81
SHA512: f948d51bb5f51db6276e2344622867b9a2a595fd38109b86da9ed525751cecec30c025fa3b7f7e1b9af79e97a369f4daf3bc4d6be3bc47aa7ceee7b88cfedb48
SSDEEP: 12288:EFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0c/qd:U3nbWmJVJFwSddIXvfhqbiaxvRFqd
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
description | pid | Process | procid_target
PID 2368 set thread context of 2192 | 2368 | 5986d57702bc2c6ffeef297b708c74d8.exe | 16

Suspicious use of AdjustPrivilegeToken (46 IoCs)
description | pid | Process
Token privileges adjusted by PID 2368 (5986d57702bc2c6ffeef297b708c74d8.exe), 23 entries:
SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35
Token privileges adjusted by PID 2192 (iexplore.exe), 23 entries:
SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35

Suspicious use of SetWindowsHookEx (1 IoC)
pid | Process
2192 | iexplore.exe

Suspicious use of WriteProcessMemory (6 IoCs)
description | pid | Process | procid_target
PID 2368 wrote to memory of 2192 | 2368 | 5986d57702bc2c6ffeef297b708c74d8.exe | 16 (this row is recorded 6 times)
Processes

C:\Users\Admin\AppData\Local\Temp\5986d57702bc2c6ffeef297b708c74d8.exe (depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\5986d57702bc2c6ffeef297b708c74d8.exe"
  PID: 2368
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\iexplore.exe (depth 2, child of PID 2368)
    command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    PID: 2192
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx