Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/06/2024, 00:03 UTC

General

  • Target

    180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe

  • Size

    720KB

  • MD5

    180c7a68c5eb9b98021feb688aa95062

  • SHA1

    74af9fb10f210e0e16fd8ba6291d5e01d5e2a7f8

  • SHA256

    a0e0472f8c76a1b62ac3cb813a71c53444b0044c59b66f87263417755e7919aa

  • SHA512

    cefe61b35d95fc540ea6e9a7f96362b05ce6ba169aec76dc7fd0ee49202192bb2f99f1156bb69c8123bc29450bc11b8f7e7cdd3edf8a61d37c218ac8efef41ae

  • SSDEEP

    12288:cdhnReTN0liZ3fsT0zIY7lgG4meQg3vyAoCHtOhqRKbVfmdT1D/gy3m:shQp93fVIjGAb/yAbWBb8T1zgC

Score
10/10

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\180c7a68c5eb9b98021feb688aa95062_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 224
      2⤵
      • Program crash
      PID:2068

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2924-0-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB

  • memory/2924-1-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB
