darkcomet | 9bf4360c6f21158b01fdc6e8a3ec283f7729e10e455c19993d0108aacb1b932c

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Size

252KB
MD5

086d01c337455a675229686bfa5046d9
SHA1

5240e417aeaf7fcfff6b824f94f614422b53d1f6
SHA256

9bf4360c6f21158b01fdc6e8a3ec283f7729e10e455c19993d0108aacb1b932c
SHA512

6d1324f3372ba57a601ad964ff753d6be6539a12c5d105e029afc9558a3e57c9d6b8b3eabce3672ba6dcec53816cfab211761a845bcc1d65aee03a86f2efe7f4
SSDEEP

6144:8MIj4cyvzB0Njbee8IG7AsqIYR8PnNzyKWa+svnw:8MH7B/e8IGvqIYR8PnN2Kosvnw

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes:

086d01c337455a675229686bfa5046d9_JaffaCakes118.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeSecurityPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeBackupPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeRestorePrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeShutdownPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeDebugPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeUndockPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeImpersonatePrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: 33	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: 34	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: 35	1992	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\086d01c337455a675229686bfa5046d9_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/1992-1-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1992-2-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/1992-4-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/1992-7-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/1992-10-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download