Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

680e9c3f35...52.exe

windows7-x64

10

680e9c3f35...52.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    680e9c3f35d592e5bb67970823e35252

  • Size

    761KB

  • Sample

    240119-tkwe2saaa6

  • MD5

    680e9c3f35d592e5bb67970823e35252

  • SHA1

    02ee1040fba1b643d5d0e5ff9e5974269d6b8f66

  • SHA256

    14a6bd1c424617202ef7c0c2fd0110be91aa582d729b094a6c7313d8ebaac21b

  • SHA512

    8ba0c46e8582ae01e935e515e1100eb5f31f9fa82daea351ec41779cbc1ea40d62eea8ef832e84c9e4a8fc4001edd7df75c8ab06f89db7b052b6be78dc355bdf

  • SSDEEP

    12288:XikXBz7TsdZtk5QviGzWILqUsjDGQ1fTjw1/ICteJV2/Y/R468AWcga03U:M1K/IeUG/XwKCtiVCARH8ABl

Score
10/10
darkcometpersistencerattrojan

Malware Config

Targets

    • Target

      680e9c3f35d592e5bb67970823e35252

    • Size

      761KB

    • MD5

      680e9c3f35d592e5bb67970823e35252

    • SHA1

      02ee1040fba1b643d5d0e5ff9e5974269d6b8f66

    • SHA256

      14a6bd1c424617202ef7c0c2fd0110be91aa582d729b094a6c7313d8ebaac21b

    • SHA512

      8ba0c46e8582ae01e935e515e1100eb5f31f9fa82daea351ec41779cbc1ea40d62eea8ef832e84c9e4a8fc4001edd7df75c8ab06f89db7b052b6be78dc355bdf

    • SSDEEP

      12288:XikXBz7TsdZtk5QviGzWILqUsjDGQ1fTjw1/ICteJV2/Y/R468AWcga03U:M1K/IeUG/XwKCtiVCARH8ABl

    Score
    10/10
    darkcometpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks