darkcomet | 9bf4360c6f21158b01fdc6e8a3ec283f7729e10e455c19993d0108aacb1b932c

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Size

252KB
MD5

086d01c337455a675229686bfa5046d9
SHA1

5240e417aeaf7fcfff6b824f94f614422b53d1f6
SHA256

9bf4360c6f21158b01fdc6e8a3ec283f7729e10e455c19993d0108aacb1b932c
SHA512

6d1324f3372ba57a601ad964ff753d6be6539a12c5d105e029afc9558a3e57c9d6b8b3eabce3672ba6dcec53816cfab211761a845bcc1d65aee03a86f2efe7f4
SSDEEP

6144:8MIj4cyvzB0Njbee8IG7AsqIYR8PnNzyKWa+svnw:8MH7B/e8IGvqIYR8PnN2Kosvnw

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Suspicious use of AdjustPrivilegeToken 24 IoCs

Processes:

086d01c337455a675229686bfa5046d9_JaffaCakes118.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeSecurityPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeSystemtimePrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeBackupPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeRestorePrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeShutdownPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeDebugPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeUndockPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeImpersonatePrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: 33	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: 34	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: 35	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
Token: 36	4560	086d01c337455a675229686bfa5046d9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\086d01c337455a675229686bfa5046d9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\086d01c337455a675229686bfa5046d9_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4560-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-1-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/4560-2-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-3-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-4-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-6-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-8-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-11-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-12-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-13-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-14-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/4560-15-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download