Overview

overview

10

Static

static

7

77e53bbd8b...dd.exe

windows7-x64

10

77e53bbd8b...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2024, 16:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    77e53bbd8b81841a0b52c1ac1bd1d8dd.exe

  • Size

    788KB

  • MD5

    77e53bbd8b81841a0b52c1ac1bd1d8dd

  • SHA1

    940e7b7cec428eb96ecf3c66df2f48868f5ca657

  • SHA256

    ed8657cc1b165a422cbebf77647e82dcab86e41dca8c5732caece236dca16c64

  • SHA512

    1b7c1211df817a84c688d3219f3907e92ab45166dcdc7c5daa0dc309d9dbaf12836497b46671360ae966148333c67fe0147d947fc28cf31d3b0ef23b2c315fec

  • SSDEEP

    12288:e56oNqv0GQ8MqUoZqORRenIOvLman2gNqvQAUTQ9SdVpusigXFhm9Sb9:eRovHQ8MqjEJIOT24AyQYpfiIFQUB

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77e53bbd8b81841a0b52c1ac1bd1d8dd.exe
    "C:\Users\Admin\AppData\Local\Temp\77e53bbd8b81841a0b52c1ac1bd1d8dd.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\77e53bbd8b81841a0b52c1ac1bd1d8dd.exe
      C:\Users\Admin\AppData\Local\Temp\77e53bbd8b81841a0b52c1ac1bd1d8dd.exe
      2⤵
      • Modifies WinLogon for persistence
      • Checks BIOS information in registry
      • Loads dropped DLL
      • Adds Run key to start application
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1036
      • C:\test\updater.exe
        "C:\test\updater.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2872
  • C:\test\updater.exe
    C:\test\updater.exe
    1⤵
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2704

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\test\updater.exe
          Filesize

          420KB

          MD5

          3ebe87f43171eeceed5da28cd73a4f24

          SHA1

          b40d7c62bbe64a5448e0fdc9a3cf418c5d2f23e9

          SHA256

          d448a7bea98b03d2469417e734fb8fd3c5a57eaf492f3791d9e11fb7dd7086fc

          SHA512

          f7112f60801fa345bc9e2b0216070435a0553e7d7456f02ffcd6694b3eb23929611b61f6dbeefb6be4e571b2a971f0caf460f3167b47cb072777b2764418b63f

          Download Submit

        • C:\test\updater.exe
          Filesize

          434KB

          MD5

          9b981ee1474d9061682e4167788bbddf

          SHA1

          997292a4ff032ed1c8120ae067d650d5c1c495eb

          SHA256

          515d1c083f2909868b58804077af5a387803b829f5248687b0266308bef39ed8

          SHA512

          fcad10c863590a0868f995c606b0581a457500954c45075dce9884536d21ceed583398879ab871f00e4536f059426aa0a0b5e79dad22cfc12eb4d3510a313aec

          Download Submit

        • C:\test\updater.exe
          Filesize

          292KB

          MD5

          e22d1487032371b879e4e8e517fef5ea

          SHA1

          5c87972166f1c4851b6bf7f142aa737afa07ddfb

          SHA256

          e2a8d2297515fbba712fdb3251921195a983600294ff165148d30f181fe75f67

          SHA512

          bdb951302911dcc8949c1ef0e8631a084c86cdd2e423441f772e833bac7a1b52499dec7f9d3612525bf438a2b124802d205448a6f65ad9c52ed505df5632c403

          Download Submit

        • C:\test\updater.exe
          Filesize

          239KB

          MD5

          89934b970c9faef6d6c2221ffba7f006

          SHA1

          2fbe2f790646c5581d2ca5cc4fbd889032fc6c49

          SHA256

          198254e9f22b835cdede8e0f53d8b9d2246afa02bcaf7e558e591d40bb8bdf9d

          SHA512

          7c3429ab9b55f5b9998102e38924d949e4d8401098fff051403a13b8d3af29e0a4f9d42d94ca6c5402b51f4a007cb305a9c0f6ea5dc35dc51a42696b42f37851

          Download Submit

        • \test\updater.exe
          Filesize

          595KB

          MD5

          6ba2f94288edeb60cc8a1eb4aeac39a3

          SHA1

          ab696fe4e1bc9982689cdadeebd72d2080013586

          SHA256

          b56310d4aac240dfdd36ce1a9e880772f46afd0cab114497fa4a1622c6146d24

          SHA512

          968d8f74e609d41cf0e49fea730a3e35011bf81d6957e1a782857bc89cd4357319fd309025d44bd6c5eab235a4b4e9e12dda391b6742a25fbdb93a99dc23cfe2

          Download Submit

        • \test\updater.exe
          Filesize

          453KB

          MD5

          f47219fc3681b4999de6fe71012ff0ce

          SHA1

          5a31e549cfda6e1e2ffd8ec823de2a4307d06beb

          SHA256

          f1954afa470910f7c7d87b9ca3d58475b736f8fbd5567fed363dfc62aca6717f

          SHA512

          47dd04b075ff9900e14e0ec13ff19476d8c2ccd7352de7e2b9e6b61116d4b48b68e8b1fb17cd32f4ee8886cbc74d253fa2de26cf6926f06eda8554b9eaf3e7f6

          Download Submit

        • \test\updater.exe
          Filesize

          299KB

          MD5

          20e1ef25ebef6fe793e69f0c6b357313

          SHA1

          a7747415d982025231a69f2295b4251f25f3a127

          SHA256

          4634a78920dd8df8324d16a4f8c7e8cc2dd117754f0aed32c7262603f573abf6

          SHA512

          664fd8c2d4eccb9792153b1ee100287435ef83775e9bc27e667371a44845721f31da83a497e70347b618a52c2b31a22a4d8e69700c3cee4ed0b4a4766b446839

          Download Submit

        • \test\updater.exe
          Filesize

          394KB

          MD5

          23b1daabb92302fd4f895f97068cfc61

          SHA1

          9201d9c8dfae9ecca66f475047dde5eb0ff9f21e

          SHA256

          f74739f1ce5613a6693d5e1a824daba90fe277f983796d54a140e7bda425b8f8

          SHA512

          024487dd023f27810dc67c31a8627e4658fd811bb2a826baa741800d39e2646f20cb027c2b8263b27deef210410126c39d06b4755b6de824cce74bd645944e0c

          Download Submit

        • \test\updater.exe
          Filesize

          277KB

          MD5

          e67caefcd0d85463e21ad0d51cff95d9

          SHA1

          f628a2750e363b870aabf179013721413bb0b72f

          SHA256

          1838809ec88fd0003096623d6a7486467a3ecbd72051ab94f29388a9a4690571

          SHA512

          9a69524bf7cf0047b631ce84c8e293898e0784262bb3724da238494c3acbff5f77ab693ab094855051249263633e7cbf51a3d0e5fd36255ac04879fc54ab6427

          Download Submit

        • \test\updater.exe
          Filesize

          306KB

          MD5

          881bb17e408a576ad2f04117a9d05ab4

          SHA1

          28bd0029d3c3d0068a1af080a194c6f729e97fba

          SHA256

          a9a0d95c26ef8d71713b6a40949bb3ab7fc200652155322cbaea02386a8deac6

          SHA512

          6dd225a6fffbf7c99847706f71312d6f45de39f1577a5fbd4155763d639060b5e03ec28e964ae5f30195c08d2a3bc077cebd161266caed082c1b522343def600

          Download Submit

        • \test\updater.exe
          Filesize

          224KB

          MD5

          2014c17b40c3fa8b61fc939952d87239

          SHA1

          c7821a431833e784589aae8e9a56a857924ebe62

          SHA256

          12f6b5f7b53c7dc8dba245d3dfdbe479329545d5fc352b51765254e6523261f0

          SHA512

          74bd101cfaaba8bcbd05ab6cc5493d11ffdc8cc382b5e49da108ef28de82f78e0139aa94740a50e9d97d6697b40e7bb834419ca860d6ac7cad4948f47f230cf0

          Download Submit

        • \test\updater.exe
          Filesize

          238KB

          MD5

          6fbf87c9c2abdd89e3219b8c62395473

          SHA1

          b3884dc4d13f4edaa9119bfc9467e336d5646f2a

          SHA256

          36700db9e93f9a6f5a1cf880bde02b9d242b635db3c9c5234d44b7bd5fea2096

          SHA512

          35aba013612d63c2f8ca4ddb370a8180a44b922fb62479b0db1b8b4f425410dbfa084cf8155c4556a474170d753cdefe527d3b2ae9c51ed8aed5a9b155e5a480

          Download Submit

        • memory/1036-22-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-4-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-18-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1036-23-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-25-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-26-0x0000000000330000-0x0000000000331000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1036-24-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-20-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-21-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-7-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-14-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-13-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-9-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-17-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-32-0x0000000003620000-0x0000000003660000-memory.dmp

          Filesize

          256KB

          Download

        • memory/1036-35-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-16-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/1036-11-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2232-3-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2232-81-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2232-0-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2232-6-0x0000000000280000-0x00000000002C0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2704-75-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-74-0x0000000000230000-0x0000000000270000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2704-73-0x0000000000230000-0x0000000000270000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2704-100-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-67-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-80-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-79-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-78-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-77-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-76-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-94-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-72-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2704-91-0x0000000000230000-0x0000000000270000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2704-62-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2704-90-0x0000000000230000-0x0000000000270000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2704-86-0x0000000000230000-0x0000000000270000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2704-84-0x0000000000400000-0x00000000004C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2872-83-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2872-85-0x0000000000830000-0x0000000000870000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2872-46-0x0000000000830000-0x0000000000870000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2872-54-0x0000000000440000-0x0000000000480000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2872-45-0x0000000000830000-0x0000000000870000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2872-47-0x0000000000830000-0x0000000000870000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2872-42-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download