darkcomet | df4f4eb46214fd191fee0ef3612a2ea02d51d1b66edef9df748e0e8b7e0c36df | Triage

Analysis

max time kernel
92s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 00:42

Sharing

Report Analysis Logs

General

Target

2a61555cb38f9426e175080f2b717cb4_JaffaCakes118.exe
Size

820KB
MD5

2a61555cb38f9426e175080f2b717cb4
SHA1

0f41991b4b9285d98155766615127dd787fedf5a
SHA256

df4f4eb46214fd191fee0ef3612a2ea02d51d1b66edef9df748e0e8b7e0c36df
SHA512

7bff6e26379b2a5414981e834dcdbd417bf73016f1e7242e089444438334c774a47eb57a09dd0d866c6f31507ec0ce6901dc0c7a8543afd2f81c295cd3d67fa2
SSDEEP

24576:s3nbWmJVJFwSddIXvfhqbiaxvRxq9qvzR:SamdZdcBYdbR

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1364	3008	WerFault.exe	81

C:\Users\Admin\AppData\Local\Temp\2a61555cb38f9426e175080f2b717cb4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2a61555cb38f9426e175080f2b717cb4_JaffaCakes118.exe"
1⤵
PID:3008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 548
  2⤵
  - Program crash
  PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3008 -ip 3008
1⤵
PID:4400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3008-0-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download