Malware Analysis Report

2024-08-06 17:16

Sample ID 240624-nptt5atcnm
Target 0845de55c35f500267ce237f7e0e0646_JaffaCakes118
SHA256 20b34052f05c6ead3b3888d418f81df05df369e1e7a4cc3ef52b32b7dbf5535d
Tags
darkcomet guest16 rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

20b34052f05c6ead3b3888d418f81df05df369e1e7a4cc3ef52b32b7dbf5535d

Threat Level: Known bad

The file 0845de55c35f500267ce237f7e0e0646_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

darkcomet guest16 rat trojan

Darkcomet

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-24 11:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-24 11:34

Reported

2024-06-24 11:37

Platform

win7-20240508-en

Max time kernel

140s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0845de55c35f500267ce237f7e0e0646_JaffaCakes118.exe"

Signatures

Darkcomet

trojan rat darkcomet

Processes

C:\Users\Admin\AppData\Local\Temp\0845de55c35f500267ce237f7e0e0646_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\0845de55c35f500267ce237f7e0e0646_JaffaCakes118.exe"

Network

N/A

Files

memory/1224-0-0x0000000000400000-0x00000000004E4000-memory.dmp

memory/1224-6-0x0000000002090000-0x0000000002094000-memory.dmp

memory/1224-5-0x0000000002050000-0x0000000002051000-memory.dmp

memory/1224-4-0x0000000000200000-0x0000000000201000-memory.dmp

memory/1224-3-0x0000000000290000-0x0000000000291000-memory.dmp

memory/1224-2-0x0000000002030000-0x0000000002031000-memory.dmp

memory/1224-1-0x0000000001DD0000-0x0000000001E13000-memory.dmp

memory/1224-7-0x0000000000400000-0x00000000004E4000-memory.dmp

memory/1224-9-0x0000000001DD0000-0x0000000001E13000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-24 11:34

Reported

2024-06-24 11:37

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0845de55c35f500267ce237f7e0e0646_JaffaCakes118.exe"

Signatures

Darkcomet

trojan rat darkcomet

Processes

C:\Users\Admin\AppData\Local\Temp\0845de55c35f500267ce237f7e0e0646_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\0845de55c35f500267ce237f7e0e0646_JaffaCakes118.exe"

Network

Files

memory/1360-1-0x0000000002160000-0x00000000021A3000-memory.dmp

memory/1360-0-0x0000000000400000-0x00000000004E4000-memory.dmp

memory/1360-6-0x0000000002380000-0x0000000002384000-memory.dmp

memory/1360-5-0x0000000002340000-0x0000000002341000-memory.dmp

memory/1360-4-0x0000000002110000-0x0000000002111000-memory.dmp

memory/1360-3-0x0000000002120000-0x0000000002121000-memory.dmp

memory/1360-2-0x0000000002320000-0x0000000002321000-memory.dmp

memory/1360-7-0x0000000000400000-0x00000000004E4000-memory.dmp

memory/1360-9-0x0000000002160000-0x00000000021A3000-memory.dmp