Overview

overview

10

Static

static

3

fc7cb881cc...18.exe

windows7-x64

10

fc7cb881cc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 09:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fc7cb881cce701a7aa0e66db5343a08b_JaffaCakes118.exe

  • Size

    719KB

  • MD5

    fc7cb881cce701a7aa0e66db5343a08b

  • SHA1

    8aabd3472aadda2df50f491d8868924fbd02400b

  • SHA256

    41d83459aad53dd5da4346d33bd8df6648f7da7a12a0ebc5f0e8aeb1bb4ebed9

  • SHA512

    1d2ae10224e40d3fe1c5d5848afa91898b23b1dd8df104c689d911a10a899674d6cc7620c76c35113cf7de0db5fed31fe64934b74607289d6e6ec3f2f389e749

  • SSDEEP

    12288:5ZwHOyR7qnrIP1coEheYLpv2vlUUSNIRLNvWuWPm6NT4ITMRRLjDlCjI:LT6KJgN+GNwmVRRDkM

Score
10/10
darkcometguest16persistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

rattenjunge.zapto.org:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    4cjU6YoJ5VXp

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc7cb881cce701a7aa0e66db5343a08b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fc7cb881cce701a7aa0e66db5343a08b_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa93fc62ff1c8e162e7078774a97f968

    SHA1

    0618c9655031bd98a77e7949c77d37988e99aba0

    SHA256

    9fb18214b6a6a571899e108bdf74146ae226676b0eb64c3b49ba5ab26270fd32

    SHA512

    55aee7df578c41bcb5b80f575d45b4838028c281f020fcc671f45c53b8a15c6e013291becf4a125e07de85edff0f9ae707b4cf4685d2b197b6920451ee089dac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    46198be736e2fcf7c7fec3211a8c61dd

    SHA1

    f8db0ce948f140f5b3782775eb777427e6b04aa2

    SHA256

    89effeec9c57a4c66013d53cbba63a3b3de72ea1d3db02a75554dfffb086209c

    SHA512

    073b75321ac79199c21163195b9ef1ce40cdb8c5d8fe9f78a2b36a0897fa8134b75d089ad90ce9a3e95e0bfc430c68f26235a6660ecc671776b13ecb4cd9c249

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    687261818558a395aed2d4ad2a1a5fb7

    SHA1

    2d4bea5d88cc844672dfd6f121d5780578c6518b

    SHA256

    9bd425796d427d40fb4fd977d226b004246bdef7a647f213282512a3daca67d6

    SHA512

    7ae99c4af48f50e6d5feff912ed87ee24d6363c40389ff888733a290e4924e6cf42fcfa1bc87802230def0468dc804fe2ed56e25b9a7647b1077e849405a5b13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a331feb26d0123393ad576740e6aea08

    SHA1

    0a95c7b820822798a5c0203b9d23dc9e69b77c2d

    SHA256

    dbeec61a97178797acbb138f49ee530a9b526f4a024db0150a8379963ddb6697

    SHA512

    95267e646dde2c72efd1888fdcf12a0507be00397f38a5612435f5b5308d0af55fae82488ecd7d6794fbf529879fae980f62b456d88c1eaa6814ae7edf416f52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53eed55f56df41a9444c6f62b13e1973

    SHA1

    7c94af31de4392b8e906edf27eff678594d4c5ed

    SHA256

    a8dd7e5275f2826bf5e1b16b22304c7d94faacd67fb8c0a310a4374e7a757cf1

    SHA512

    100613516787617fae0fd2ded004716406c64ec43c75e52529d13ab40f95f90c52783ab4eaf17fb465d236e990ff213e918761dfe95bb8a262e5c87f31dcbdd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2ed792aec73a03cc75bfc76d34bf177

    SHA1

    ba220086b98e132261c22d9eea96df725990199f

    SHA256

    016b344005e6a99a1635e0cb62e73a78ee46d66980f3b1169e685ae120f3867e

    SHA512

    95096b399becaf65d4774d5d2e56cd5987dd2119732494deb7c971f5f6a28fe68f0a51a5cc1952c3bc3e406fe3a3364cee03fb9a5b76dc0d6fc86eb204870d3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e4d3e33843a527990e67387cee6917ea

    SHA1

    41d974522f068f4d1c309457288e3fdc7d113815

    SHA256

    9239dbf7680b64daeba25a37b3711a947fe114401d9c3089d25de1dd5915e1cf

    SHA512

    cfde9000366bd8cf92217c7f1d3530eaf6310d94f57a7a1279e86f543aa5cf61347a1152291772460c60fd232f5dfaabc99ea8b89cfee0653a4c960185b15142

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2de82456404e800ee297c7aa0c244157

    SHA1

    d3ed0ecb534c4358cc679b656fca9e9fa6c83d42

    SHA256

    ccb0d2dad1f442bf92adb0f61c437a5039d2159f5a10bd775f2e6f55b501b609

    SHA512

    b632cb1c938aa03362488ffa1c7c213e3932547f68c495987b5b4ecd7342bff8e72e415b894e09473a3695351eec3b8c11db95c038023a9461be3d9f63cf0cf2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b61cc15ab34b92a12f52763cee8ad6df

    SHA1

    6113f218bed3c978d726deedf71227ae993786ab

    SHA256

    72b6153fb3477d6e7a2b84b4f7b7ca349b54e5ead8d62ce83c57ccceea18bfe8

    SHA512

    409d6666646c1ed0041ca426cc3782be42e9b7920a328b8ba34a295213d8ff79da56283dac32a1b8c972e35ec0e64e6d2a212eed8bf9e7ad66d9fd623bc608a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53384ddfd4ab33e85d5621c257374d4f

    SHA1

    620f4fed0f7075bfcd833b7f0fe6d0388f4f67f5

    SHA256

    e284523449e06d5987f4a84ea2589b9c4aff4d7268d672297fb8274ea47be7ff

    SHA512

    12676574d6c1f7663ae3b243ea13e994505a481cfdbb2cddde9f37ecd9db2b598ef9fb9fc45899c523121502fce8ea007833ba1f2b436c7ff3e2a920112c1204

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c4c5415eb7b22213bda6907b32f99994

    SHA1

    6878101c858a2f852e1bce79fb332640e3c2fc34

    SHA256

    022a2438fd94b75425f18dc71f2187f89c4f75dde5c5322828f7ebeea620aa40

    SHA512

    f30170e88fec73db0a47afd4ecdcd7b31d8020b8f856f7725312b63f563dd2d42226988ffbdccd0e9deecd5fdd1119eea42489bd922fc4892e8eaf5a828bd9fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d360ca5628e436e82f907e70bfecc43

    SHA1

    e4b8ae4f4da42a78a9de59e3ba2e10051619b474

    SHA256

    e90321ed2d0c3fc617bcbf51f5c7410acad6c666f48e50fcc8af4ed9915869f4

    SHA512

    97a8ec20295ade9e38c1965b33b0abe84ca68c087ea53fa73099aab3df78624a060f4696bb9643603bab245a7694a5f6e737c4cfcb6537f44c43bcae65b90c02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    45abd6aa5d8f809839b1d0a91075b2af

    SHA1

    bbbf2858c3efed6673343c1491edac824d171230

    SHA256

    28a2d3ea672c4f10478177f2b662c1092af0fd790209f6b12b3aa95ed588b76a

    SHA512

    5b7dab8e82dd40927083e08ddb3a2011cfed7401128704838909ebe08b31cc76aefa6aebd262c520a03277f67b407cc8d97a90c325cc4715cf348de3486a8bb0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab61A3.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6284.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2912-0-0x0000000000400000-0x00000000004B5000-memory.dmp

    Filesize

    724KB

    Download