Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23/02/2024, 22:59

General

  • Target

    a08fd72b86df0fa9b00dad61810ca714.exe

  • Size

    647KB

  • MD5

    a08fd72b86df0fa9b00dad61810ca714

  • SHA1

    c3f10ea5e9964c42123f9b86ec625448d314db3d

  • SHA256

    448bc3c1b2a6ffe10c444213375290d9081240182d505e9d64171f126bf5b059

  • SHA512

    07c879a5e979abbde49647c433bf372a3240adaf9aa5724becf4245966d26cc1819aa0df4070e18594b03905bb88e00ddc66a3010cba96ea6bb49212799faf0d

  • SSDEEP

    12288:86A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhjv:RAmBpVKHu0Mu9Xo20VGLVP5jv

Score
10/10

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a08fd72b86df0fa9b00dad61810ca714.exe
    "C:\Users\Admin\AppData\Local\Temp\a08fd72b86df0fa9b00dad61810ca714.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1352-0-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/1352-1-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

  • memory/1352-2-0x0000000000400000-0x00000000004B3000-memory.dmp

    Filesize

    716KB

  • memory/1352-3-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB