Analysis

  • max time kernel
    94s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/07/2024, 19:25

General

  • Target

    647c163377ea98293d5310c5d25ac617_JaffaCakes118.exe

  • Size

    819KB

  • MD5

    647c163377ea98293d5310c5d25ac617

  • SHA1

    4f4714bca485714f44bce9bfdd69272ef4949bf4

  • SHA256

    d50819e1d99e2bcca9c72e2483887f3b1d01ccf37f22bc578279e442fa906fc9

  • SHA512

    f6d288c1d1ba2e9080aa3a0db9f60a24bf1a7106188ddc12285865bce1da670197d97916b6c38f7d3e0a9402c528f3086af36f9bcbea3c89119d05007fdcb4eb

  • SSDEEP

    24576:RZTcodGqOiRhibEA7EehnwrJqZwvdQQR:DQLqP3ysEkdv

Score
10/10

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs

    The sample crashed inside the sandbox (WerFault.exe was launched for PID 2124), so the recorded runtime behaviour is limited and the score rests mainly on the static DarkComet and UPX signatures.

Processes

  • C:\Users\Admin\AppData\Local\Temp\647c163377ea98293d5310c5d25ac617_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\647c163377ea98293d5310c5d25ac617_JaffaCakes118.exe"
    1⤵
    PID:2124
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 772
        2⤵
        • Program crash
        PID:3356
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2124 -ip 2124
    1⤵
    PID:2964

Network

MITRE ATT&CK Matrix

Downloads

  • C:\ProgramData\jI82l\PCGWIN32.LI5

    Filesize

    5KB

    MD5

    dfdde0e928843e42641c065b2c620c3f

    SHA1

    c9a4a93196919c30fa8d1e46e72b066825bcd52f

    SHA256

    1c62aef43f0d3230ee14b91f2e3c82567d80083cfad620a0e5fed826b82164ea

    SHA512

    7082752c7fa696456bbd093ba1a7238e3e5f7ba5a89036e1b105cc4d1660ab846f7c4cdce6e037e794ded3b83c5fa28dd3151ff9be3e529c60089efea4b63dde

  • C:\ProgramData\jI82l\PCGWIN32.LI5

    Filesize

    2KB

    MD5

    010d4096b38fe582c4d675253b8c83fe

    SHA1

    9a6e6708ad8d426fe3f46d86240f60653899f260

    SHA256

    a3af244941fd1624cff12bb7ad8706b19b71b49d164398da50011b1ce3a869dd

    SHA512

    ac926d0aed3a4fea1425083d78df08e3e99bb8480c0cb2a17c5da8f395ea566e53788a50951608db92c1951b7b8a0ba82aaf847aa170a1dd2d14c6e9f61d2f9b

  • memory/2124-0-0x0000000013140000-0x0000000013289000-memory.dmp

    Filesize

    1.3MB

  • memory/2124-42-0x0000000013140000-0x0000000013289000-memory.dmp

    Filesize

    1.3MB
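The following is an added example, not part of this report or of the sample it describes. It shows how a responder would use the hashes above (the submitted executable from General and both versions of the dropped PCGWIN32.LI5 from Downloads) and the UPX signature to check a file they hold: it computes SHA-256 and matches it against the report's IoCs, and it parses the PE section table to look for the section names stock UPX writes. The minimal PE blob built by build_fake_pe is constructed for offline testing only and is not a runnable executable; the function names are this example's own. Because the report says "UPX/modified UPX", treat a miss on section names as inconclusive: modified UPX builds routinely rename sections, and a sample packed that way usually will not unpack with plain `upx -d` either.

```python
import hashlib
import struct

# SHA-256 values copied from this report: the submitted sample (General) and the
# two versions of the dropped file listed under Downloads.
REPORT_IOCS = {
    "647c163377ea98293d5310c5d25ac617_JaffaCakes118.exe":
        "d50819e1d99e2bcca9c72e2483887f3b1d01ccf37f22bc578279e442fa906fc9",
    "C:\\ProgramData\\jI82l\\PCGWIN32.LI5 (5KB)":
        "1c62aef43f0d3230ee14b91f2e3c82567d80083cfad620a0e5fed826b82164ea",
    "C:\\ProgramData\\jI82l\\PCGWIN32.LI5 (2KB)":
        "a3af244941fd1624cff12bb7ad8706b19b71b49d164398da50011b1ce3a869dd",
}

# Section names written by stock UPX. Modified UPX builds often rename them,
# so a miss here does not prove the file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def identify_by_sha256(data, iocs=REPORT_IOCS):
    """Return the report label whose SHA-256 matches `data`, or None."""
    digest = hashlib.sha256(data).hexdigest()
    for label, expected in iocs.items():
        if digest == expected.lower():
            return label
    return None


def pe_section_names(data):
    """Parse the PE section table and return the section names in order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header follows the 4-byte signature: Machine(2), NumberOfSections(2),
    # TimeDateStamp(4), PointerToSymbolTable(4), NumberOfSymbols(4),
    # SizeOfOptionalHeader(2), Characteristics(2).
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_hdr_size
    names = []
    for i in range(num_sections):
        off = table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]       # Name is the first 8 bytes, NUL padded
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\x00", 1)[0])
    return names


def looks_upx_packed(data):
    """True if any section carries a stock UPX name."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Construct a minimal PE-shaped blob for offline testing (not a real executable)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # 64 bytes
    opt_size = 0xE0  # size of a PE32 optional header, left zeroed here
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    sections = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + b"\x00" * opt_size + sections


def triage(data, iocs=REPORT_IOCS):
    """Summarise what the hash match and section check say about a file."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "known_as": identify_by_sha256(data, iocs),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
    }


if __name__ == "__main__":
    import sys
    # With a path argument the real file is checked; otherwise the constructed blob is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python3 triage_check.py <file>` against a suspect file; a `known_as` value ties the file to one of the three hashes in this report, while `upx_packed` only reflects stock section names.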