Overview

overview

10

Static

static

10

6d6aceaf5c...18.exe

windows7-x64

10

6d6aceaf5c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 05:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe

  • Size

    658KB

  • MD5

    6d6aceaf5c3f2d9c02d292c15e4ff3d6

  • SHA1

    b92e13064b7693551963909d879f1e9eae57a021

  • SHA256

    ef6832d7f49bb09e6bb239c64b3c6738930cfe71a599bc70a8c62cb570447ff3

  • SHA512

    6a78c45f1dc631f77b2bc5f7e2bc3e7dc31c8aa81f46f549de035616f922c277dce75bf12a710d3be02731e87f649a5cbb36e08226e256a141bad91ba51cfbb9

  • SSDEEP

    12288:i9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZ:OZ1xuVVjfFoynPaVBUR8f+kN10EBX

Score
10/10
darkcometsazanevasionrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

127.0.0.1:1604

Mutex

DC_MUTEX-H33CPZ0

Attributes
  • gencode

    oUoFztxq4qF8

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Modifies firewall policy service 2 TTPs 3 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • System policy modification 1 TTPs 3 IoCs
    evasion
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe"
    1⤵
    • Modifies firewall policy service
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1224
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe" +s +h
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Windows\SysWOW64\attrib.exe
        attrib "C:\Users\Admin\AppData\Local\Temp\6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe" +s +h
        3⤵
        • Sets file to hidden
        • Views/modifies file attributes
        PID:2924
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Windows\SysWOW64\attrib.exe
        attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
        3⤵
        • Sets file to hidden
        • Views/modifies file attributes
        PID:2276

Network

    No results found
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
  • 127.0.0.1:1604
    6d6aceaf5c3f2d9c02d292c15e4ff3d6_JaffaCakes118.exe
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1224-0-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1224-1-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1224-3-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.