darkcomet | b2dc44fd64beab5b53beb3fbd60e7ddd803337774dac60fcba0d71deb0a138e7

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75d7f4e89d40c202c6a28dfe30d6cc93.exe
Size

1.2MB
MD5

75d7f4e89d40c202c6a28dfe30d6cc93
SHA1

fe394c2f0abea15f8b6c19fc4e0ac4ebe8c63c6b
SHA256

b2dc44fd64beab5b53beb3fbd60e7ddd803337774dac60fcba0d71deb0a138e7
SHA512

568dfe60bd6a8443185906fd7e22924ca23d9a2fd4ced2b34c450dfbcd7ca8989017127ba813ff5633c47450c200b2119fa7a4554f9385745cc22a51835e8231
SSDEEP

24576:e9wrQhw7iGRv/roB8hd7mWS/16fSYKxQ:0WiALoSnS4tsQ

Score

10^/10

darkcomet x rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

cppgamer.no-ip.biz:1024

cppgamer.no-ip.biz:1243

Mutex

DC_MUTEX-EN4NFY6

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
0wdCxW5TpJNK
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Suspicious use of SetThreadContext 1 IoCs

Processes:

75d7f4e89d40c202c6a28dfe30d6cc93.exe

description pid process target process

PID 2380 set thread context of 2240 2380 75d7f4e89d40c202c6a28dfe30d6cc93.exe explorer.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2448 2240 WerFault.exe explorer.exe

description	pid	process	target process
PID 2380 set thread context of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe

pid	pid_target	process	target process
2448	2240	WerFault.exe	explorer.exe

Suspicious use of WriteProcessMemory 19 IoCs

Processes:

75d7f4e89d40c202c6a28dfe30d6cc93.exeexplorer.exe

description	pid	process	target process
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2380 wrote to memory of 2240	2380	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 2240 wrote to memory of 2448	2240	explorer.exe	WerFault.exe
PID 2240 wrote to memory of 2448	2240	explorer.exe	WerFault.exe
PID 2240 wrote to memory of 2448	2240	explorer.exe	WerFault.exe
PID 2240 wrote to memory of 2448	2240	explorer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\75d7f4e89d40c202c6a28dfe30d6cc93.exe
"C:\Users\Admin\AppData\Local\Temp\75d7f4e89d40c202c6a28dfe30d6cc93.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2380

C:\Windows\SysWOW64\explorer.exe
C:\Windows\system32\explorer.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 232
3⤵
- Program crash
PID:2448

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2240-5-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/2240-7-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/2380-0-0x0000000074A20000-0x0000000074FCB000-memory.dmp

Filesize
5.7MB

Download
memory/2380-1-0x0000000074A20000-0x0000000074FCB000-memory.dmp

Filesize
5.7MB

Download
memory/2380-2-0x0000000000090000-0x00000000000D0000-memory.dmp

Filesize
256KB

Download
memory/2380-6-0x0000000074A20000-0x0000000074FCB000-memory.dmp

Filesize
5.7MB

Download