darkcomet | b2dc44fd64beab5b53beb3fbd60e7ddd803337774dac60fcba0d71deb0a138e7

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 23:56

Target

75d7f4e89d40c202c6a28dfe30d6cc93.exe
Size

1.2MB
MD5

75d7f4e89d40c202c6a28dfe30d6cc93
SHA1

fe394c2f0abea15f8b6c19fc4e0ac4ebe8c63c6b
SHA256

b2dc44fd64beab5b53beb3fbd60e7ddd803337774dac60fcba0d71deb0a138e7
SHA512

568dfe60bd6a8443185906fd7e22924ca23d9a2fd4ced2b34c450dfbcd7ca8989017127ba813ff5633c47450c200b2119fa7a4554f9385745cc22a51835e8231
SSDEEP

24576:e9wrQhw7iGRv/roB8hd7mWS/16fSYKxQ:0WiALoSnS4tsQ

Score

10^/10

Family

darkcomet

Botnet

cppgamer.no-ip.biz:1024

cppgamer.no-ip.biz:1243

Mutex

DC_MUTEX-EN4NFY6

Attributes

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Suspicious use of SetThreadContext 1 IoCs

Processes:

75d7f4e89d40c202c6a28dfe30d6cc93.exe

description pid process target process

PID 5964 set thread context of 5224 5964 75d7f4e89d40c202c6a28dfe30d6cc93.exe explorer.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4432 5224 WerFault.exe explorer.exe

description	pid	process	target process
PID 5964 set thread context of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe

pid	pid_target	process	target process
4432	5224	WerFault.exe	explorer.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

75d7f4e89d40c202c6a28dfe30d6cc93.exe

description	pid	process	target process
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe
PID 5964 wrote to memory of 5224	5964	75d7f4e89d40c202c6a28dfe30d6cc93.exe	explorer.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 740
3⤵
- Program crash
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5224 -ip 5224
1⤵
PID:4036

memory/5224-8-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/5224-5-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download
memory/5964-0-0x0000000074B30000-0x00000000750E1000-memory.dmp

Filesize
5.7MB

Download
memory/5964-1-0x0000000074B30000-0x00000000750E1000-memory.dmp

Filesize
5.7MB

Download
memory/5964-2-0x00000000016F0000-0x0000000001700000-memory.dmp

Filesize
64KB

Download
memory/5964-7-0x0000000074B30000-0x00000000750E1000-memory.dmp

Filesize
5.7MB

Download