Overview

overview

10

Static

static

3

00ae7ab4d6...23.exe

windows7-x64

10

00ae7ab4d6...23.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-06-2024 02:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00ae7ab4d6bf02d1358326df176f4023.exe

  • Size

    865KB

  • MD5

    00ae7ab4d6bf02d1358326df176f4023

  • SHA1

    9393861cafd77f244b18cfbeec8d405e3903267f

  • SHA256

    c6f046412481145ab7556d3d6bb390c286f6ab292833c57a3b6a3c570817483f

  • SHA512

    b266dd7755b806318645fa67c985f77093e60bbc67bf904f97991ce3f15bd7fd96389bbdef0c26e977d8ef7e4db7097af90d749d98fe75d2b9b3655f19dd0d00

  • SSDEEP

    24576:9ntlh2+wA42A4QRU2lW1ARbp2N9QNaGDlh3:9jA4a7iG3DlV

Score
10/10
darkcometrattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00ae7ab4d6bf02d1358326df176f4023.exe
    "C:\Users\Admin\AppData\Local\Temp\00ae7ab4d6bf02d1358326df176f4023.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      2⤵
        PID:4480

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Scripting

    1
    T1064

    Persistence

    Privilege Escalation

    Defense Evasion

    Scripting

    1
    T1064

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2968-0-0x00007FFB164D5000-0x00007FFB164D6000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2968-2-0x000000001BD60000-0x000000001C22E000-memory.dmp
      Filesize

      4.8MB

      Download
    • memory/2968-1-0x00007FFB16220000-0x00007FFB16BC1000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/2968-3-0x000000001B7B0000-0x000000001B856000-memory.dmp
      Filesize

      664KB

      Download
    • memory/2968-4-0x000000001C2E0000-0x000000001C390000-memory.dmp
      Filesize

      704KB

      Download
    • memory/2968-5-0x00007FFB16220000-0x00007FFB16BC1000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/2968-7-0x00007FFB16220000-0x00007FFB16BC1000-memory.dmp
      Filesize

      9.6MB

      Download