Analysis

  • max time kernel
    117s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-04-2024 06:16

General

  • Target

    f2dee5945a3f56fff40b4ab53b029d91_JaffaCakes118.exe

  • Size

    621KB

  • MD5

    f2dee5945a3f56fff40b4ab53b029d91

  • SHA1

    0eb59b2657c24ad1fbd66835dad9b5dc58991197

  • SHA256

    193076442e8e81094d5da104c265d15cfc614d0cefeaef5873eddf07b1301983

  • SHA512

    d42af8cd3c0a404631c15540328631bbec3a5654b8b562e0c405e72aee157195714495278170441460cedff45a841a48f0eab1a8f931a2055c827453ea15c9d2

  • SSDEEP

    12288:1sXoKy9Q58lYukxzFaKprKwQAT5tqYdvuqxo81wnSJPlJhR5lTuYrBaTU1f3:1sXDfumMKpr2AtQYdvuqx51ASJPl3rt9

Score
10/10

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2dee5945a3f56fff40b4ab53b029d91_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f2dee5945a3f56fff40b4ab53b029d91_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

MITRE ATT&CK Enterprise v15


Downloads