Analysis

  • max time kernel
    119s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/01/2024, 08:48

General

  • Target

    69fefc7584266eb0fe60c83e3cfc0adc.exe

  • Size

    471KB

  • MD5

    69fefc7584266eb0fe60c83e3cfc0adc

  • SHA1

    cdf7a76db1d6e20ba9283bea90a232e1458685f5

  • SHA256

    48ac6535a5b415175574538f76ac51a6ecc0bc89f6091e1ed8328f92215cfe26

  • SHA512

    24dea1cd154a5e44b18a2dae6246dbec1ec70be4b6f23045601b4148fd5d65a7816b70ef6e19e79e47596d7cc5a59c859e7f5f2de52856fa8853824cbbc2a2ad

  • SSDEEP

    12288:4j18JfmmwWXT/0uaogTseX0yLFl30leziGt3QNl:oCJYuLgoeRFlkkziGtANl

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Drops file in Drivers directory 1 IoCs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69fefc7584266eb0fe60c83e3cfc0adc.exe
    "C:\Users\Admin\AppData\Local\Temp\69fefc7584266eb0fe60c83e3cfc0adc.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Users\Admin\AppData\Local\Temp\69fefc7584266eb0fe60c83e3cfc0adc.exe
      "C:\Users\Admin\AppData\Local\Temp\69fefc7584266eb0fe60c83e3cfc0adc.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Drops file in Drivers directory
      • Checks BIOS information in registry
      • Adds Run key to start application
      • Suspicious use of SetThreadContext
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Windows\SysWOW64\notepad.exe
        notepad
        3⤵
        • Adds Run key to start application
        PID:2776
      • C:\Windows\SysWOW64\notepad.exe
        C:\Windows\SysWOW64\notepad.exe
        3⤵
        • Deletes itself
        PID:2592
      • C:\Windows\SysWOW64\explorer.exe
        "C:\Windows\SysWOW64\explorer.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2628
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=explorer.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          PID:1308
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2864

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          e8666807e490a2f0918560e06beb6e46

          SHA1

          cbdcf7f8bbd8a9ef9bdf6d43a9dbd4323a0df213

          SHA256

          fc6db485ec5add72b7f2134c2542dd7ad0a50fae1511484ca9811e05b4bf8183

          SHA512

          ad5fafb03109ebd97b8cedc9b8bffcbb14c04e3cc099e2d0051ed6ab546e68f60f4b0b576a28c10e522b7cf1b2ada87a985ed3502fd943b506a26504934eaa4f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          25e0e4d46ef1bc3c8e75813604003d6a

          SHA1

          629a6452b775e9294d178da5ce0522e7f5a325ad

          SHA256

          eb22d1c2f20d46821ff7eff20090f6066dee818476f0612772a96150496714c9

          SHA512

          0f7b2c3642b956d798abb83a8c3cc5d06b3b08099c2593d49b5a54f09ed3769471d5609c1d2a4605a6cbc416cb30498520724a45350f98e002dd05e7f5947937

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          7e5ddbf7b61d706a182fae5106c6e2c6

          SHA1

          9939d00a80ed14165dec4aa3524e6bd6804e111e

          SHA256

          fc64d15a9684d04f42fea4dc60e08ad2dac520278806d63c2d9f1dc5f917ac96

          SHA512

          2bac0e9fb76475de3f5923af9efa903ad16cbd8812b866ee861995712a99843dbaef761f2118f61ef3873b143219ee641f6889be206511e18c2b0bf0907d93c2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          8ec2cece48fcbe41d7a8b936b83319d6

          SHA1

          bf4b175817f7fd65c0be48ed62ed5a4f19c2a24f

          SHA256

          74e38508a284a4b6486eca1731e4e8d9781b4053226ec5995e825bae92057d72

          SHA512

          80d00e2137290e28fd29413ad8c93e1304a653842b99523d971e32ec4d4ae7c72d1f17b554c72eed910cbe2058b187d87af8f00c16e26f896c8a9ba9e5439a99

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          4d97b9d71e13e0a57e528cda9128ecd9

          SHA1

          e9553d19ea8a25d7a50c25c09ce6bd4864f6c6ee

          SHA256

          cef37db05d832f9dc343d1eaac65ef1fbee4888507f63268a9a427123d429a13

          SHA512

          d5a1232219b41ae1976d921895f9586fb2d9c81c5097c375a55b1e678d65a72b2229147d69684a03de633a176eda617e00f1f65033d34189ddbc9cfedcc1819c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          cc189c37d601045cbe53cfd2a2a029a5

          SHA1

          99af221cc94be3255b8ccf16cf05c9e580b7470f

          SHA256

          4dab3260088205733c3155babd80fe0d4f77d84e5dd2cd51abfd1a0ccf3f77fa

          SHA512

          72620b08900b412648c76db9faadd6eb52e807a6c53e4d7f6277e931f5650522bc6419485fa9b1ea4c636940ec257fd291740445fd229b5f70fc37a719ce175c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          1622958d481211215b9139efaca82d32

          SHA1

          065492c9944209e5864ece6e4ce6915dc3798018

          SHA256

          e1ab61baf47999dd8b677e216ada3d866978e0b5e7ed39afa5d0eb96b82fbaa4

          SHA512

          e033330e600bab8f51af4f448d0c54a3a6d54f017f6eda57d61acebb69f24da3ab3ebe0747cfc071533a056443762e51909a33877320c2a9d13d3de78591301e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          d162e80db873ed20199d7e86389e7cab

          SHA1

          f54473fab5779276e1edddc658a7be26f1e5d305

          SHA256

          d9040ead11d5b824f903ab8c648f885e7ceda5537128e6f8baa648c22554c9ba

          SHA512

          762037fa8dc2a7be2316a72ea2e3c50013afca97217d49e0a90b14c63868bda9a85fb09f82e8b78dd73461604bb16c7ab6e8d9bf71c6f1807e4ce3ac77177a87

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          615889a0858eef3829f43cf167fafb55

          SHA1

          c836c79a850e604d72317c9c0654360518f004ec

          SHA256

          79bf68c3e81974ac94b588b853632281cceaf1b2158094fd4171baa59be2ba26

          SHA512

          8a1f0706916bc5a9eaad63bb119e050aafc5f58303e5b4a197914f1e3a4c21b1b1a3122732fa6635f38d2097bd45114aba39e9a7e2f2d0844e8daaf5849e9135

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          e79b486545165afdce9d05b2314fd08a

          SHA1

          31d3112d7a582f46ef411153f6b611ae4a280930

          SHA256

          8117d3a0616a4105973235c39902eb515556debc336a467c7280082255b9a2dc

          SHA512

          100b07217de2e72292ac43c8f67ffba41f157ee886c56170e19db1e6fb37577007dd40c19b29d8abe51b6dd14b1c03e5c4478f69bcf73e062c9d74bee0b670c5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          025122a15140c68643fbea5cc70ee68b

          SHA1

          314032b7e8edb1d505afe7dcdf2345b8c3e992f8

          SHA256

          5f2951797db77159c6572474b3f48818a13be1137b22411354eb81ac03326167

          SHA512

          de7bf0b5fe00fe83bddebb764031eba436d8c65aacfa26e42aba58f82cb24ac87030bace98c7305115c539a02807f1d6dcec96d76177a87e9fcb9fea1f8a6e57

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          fec55c16bd777a0def2f7d19260e9818

          SHA1

          3c1334531cdb819e40f5231d7ac6978f4ac8c50e

          SHA256

          c69b24a73c4b986caa5102c4ad285ee8aa4bf1f3438f8ee9d405f1bc556197e7

          SHA512

          201ce8dbca4f6cd74768d537800b5a3e317b52e2636b80ce66e23989cd19f0df942d71cb47802bd6404cdc5a31ef518f5303515d30bfbcae0434d6a254627582

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          089686b3c3d79824c6d19f4557538892

          SHA1

          be9ec7233cda93e39b7eed373fe5f83d3e95f0b5

          SHA256

          f7900ba2cb579275a544caa2dc6004b2a22ca488901b48cf40347325ac3a3975

          SHA512

          9bdcb01db45d7e657d5d13766ff72179b74bcde192117eb7f0848c98c60a61530c9ecc6c28a1e4ea9dfce727bc6e83b87019fa680782cecaf8ce01505fc8c156

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          c51b14951f647ffb0c5d9c92156f842e

          SHA1

          32d5ab95d185e351e75892b7a7b9f04618e4ace8

          SHA256

          d642e410e4b691263dce40ff50466503d269e266dbca04fff10dbc42b38a4241

          SHA512

          8dccc6e687eb684151d7d8e07f4b8fc9c52bb6e669d7590b6c15c3a635cc46e465919f277a1efecd7ac6fc66c3f3c3192a938f76dd906e9eff638912e5067c5a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          fbe519749cd22105f70b4e0950521143

          SHA1

          a96da27a54dcac66d1f7cba55c37b41a8582352c

          SHA256

          a0027291e1490bbf624e5722621780686ad262597df07c4f1a9f2240790670ba

          SHA512

          4e37c2ce08dab6a3e92be63da1c04b153ab03f3614f53cbc9246e159db6b377b494d96b5e49d7aa103fb3bf15e30c7505d811529ec1de5e48d19a9a7a555660e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          7323fcf04a7c308d06c8e362955c7229

          SHA1

          b2d889236bede0e729661ea23e28296f83c4d3cd

          SHA256

          3d7f634aa9a68c80022aae34ef195999d683ae7c105ff260199d61b14ae7f02a

          SHA512

          403c7382ca1274d03bc5e3dca9c03bd69de8357f0d13b295f5f239ed19129855bb85c25e7d398e6579b5e5b2859411a67d432a487b13c009491a0d0eadf7a951

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          71249aa8e1567b3ac991f3ff56b8d9e0

          SHA1

          0bbab237e003571d4de59d28f38cdd01a2427958

          SHA256

          2f559222d992ef28d11110a8ba207f92b971125d87010839f544f7c06bd42193

          SHA512

          1dafe16b0949aaa241b37df2a43383585f55dceac8e53a4ccf5e4768aa88a765755492c13d18e437acf8df386c9cd6cfb2a7954e0451894aada47d7fc4d62c86

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          08f4578bdaac4f1e915e7d3c63857b11

          SHA1

          eb5ff1d8331ea5fff49bdd83144e9ee228ad7349

          SHA256

          8aa279e611ed5e1d630acac80298beb91dca28bcabcf83a7136fddb70d804dc4

          SHA512

          7e14be1b10a45f18dcfbe6e329c7ec3f249cb8b0e817ba1dd94df7a9b705d18c82051a171bd4639fb74ac88ccf051f1a0fcb6e374547689e7fd030d4f71a3a9d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          fcc32eec1158827ad7afa371ca235043

          SHA1

          b38985d550748c3ad12580ac3ad5c6c5f487d31e

          SHA256

          bc536fd9bfac3f9efb35accc447e87f8cf4479d6f86ca5fa783638147b0cf67a

          SHA512

          c5bdd65e9712ba39055d0f1e68ac79e4e7fe0213ab837dcf6d519770a92fd15c25d3df359cd1b857dec2b0961f20b13951cae85b8ceec5f37488726e808ef302

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          fa2dc0a509a5129957f4e2d2f842e6fd

          SHA1

          5af1509794f09728efbd3ae5149e6a7bdc7e6ab3

          SHA256

          3c3e04d368bd2e54d3c0eeffba28d08e44fbc00f65b07d1f79dd5715b5585057

          SHA512

          4fb5a42a6636909c85ff645b95ef8bd9db96ef00f7d291d11dab00fa0cdc1b76e13abcd70f2267160adf05e893042b6cc916feef9ab160f0f6bef027afc9be51

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          62315cbbbd0d1541f4740dd9665d9354

          SHA1

          d24c4e20293610b5aa1768cf912335de47afebb6

          SHA256

          f13c0f37d76f2274565508e3e48cbdd2c43d0a1af289d0d75d32a20e67763819

          SHA512

          9101ea46f999c6f6a18e0d94364825db1dbfaa50f1996eb5f284f529858aae63704320eb7062d3d1fcc8d7eb61d1c5135b0e185131bbe147709a792b603a3f0f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          92c85d78ccd5fa579181cf670803d542

          SHA1

          ea4ab8ea1964b09d1f6ba46806e64b945b94de48

          SHA256

          5180882741a842c9fc1dc12175c5e1000aa1e056d4892f7c5de6653c098eb1f8

          SHA512

          17ff3d23cbbea983322289f8cdc173c190445d333bcd9810dc7fdf11587c45f8a01edbbcb13adb8e5dc4592415f64c33b478cae3018f408dea63d3e929c6a130

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          a300ca1389511ab1f5f88bcf1ac5b0ce

          SHA1

          0837f5d677ab0bda61d46e08e03a5566fefb5b48

          SHA256

          fe886a1f39c36b8eec5a0fe5cf8ffcfa1a437bd92e15e2e2b2c3cb7396f9725b

          SHA512

          c3ee4dbbfc7c0c863c358502fee981ada9307f559858ab625678841443aea40ae31845f00bfa141450493a42657dc42a17f3c43537fab5bfc037435df54d4563

        • C:\Users\Admin\AppData\Local\Temp\CabB56B.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\TarB64B.tmp

          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

        • memory/2160-6-0x0000000013140000-0x00000000131F7000-memory.dmp

          Filesize

          732KB

        • memory/2160-74-0x0000000013140000-0x00000000131F7000-memory.dmp

          Filesize

          732KB

        • memory/2160-3-0x0000000013140000-0x00000000131F7000-memory.dmp

          Filesize

          732KB

        • memory/2160-7-0x0000000013140000-0x00000000131F7000-memory.dmp

          Filesize

          732KB

        • memory/2160-4-0x0000000013140000-0x00000000131F7000-memory.dmp

          Filesize

          732KB

        • memory/2160-8-0x0000000000270000-0x0000000000271000-memory.dmp

          Filesize

          4KB

        • memory/2540-1-0x0000000074A70000-0x000000007501B000-memory.dmp

          Filesize

          5.7MB

        • memory/2540-0-0x0000000074A70000-0x000000007501B000-memory.dmp

          Filesize

          5.7MB

        • memory/2540-2-0x0000000001E30000-0x0000000001E70000-memory.dmp

          Filesize

          256KB

        • memory/2540-5-0x0000000074A70000-0x000000007501B000-memory.dmp

          Filesize

          5.7MB

        • memory/2592-75-0x00000000004A0000-0x00000000004A1000-memory.dmp

          Filesize

          4KB

        • memory/2628-50-0x000000001EE30000-0x000000001EEAE000-memory.dmp

          Filesize

          504KB

        • memory/2628-46-0x000000001EE30000-0x000000001EEAE000-memory.dmp

          Filesize

          504KB

        • memory/2628-48-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

        • memory/2628-53-0x000000001EE30000-0x000000001EEAE000-memory.dmp

          Filesize

          504KB

        • memory/2628-55-0x000000001EE30000-0x000000001EEAE000-memory.dmp

          Filesize

          504KB

        • memory/2776-10-0x0000000000080000-0x0000000000081000-memory.dmp

          Filesize

          4KB

        • memory/2776-42-0x00000000003B0000-0x00000000003B1000-memory.dmp

          Filesize

          4KB