darkcomet | 5a9ff38323353361118f9ffd23cbaf69fe175c8f394f173ebd2f1e2fb6f83200

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 10:38

Target

673d44c41ecdc161b3572ab538e3905a_JaffaCakes118.exe
Size

663KB
MD5

673d44c41ecdc161b3572ab538e3905a
SHA1

a02c55fcf6f8ce13fa7b37239bbe55862deef6e4
SHA256

5a9ff38323353361118f9ffd23cbaf69fe175c8f394f173ebd2f1e2fb6f83200
SHA512

6b8e40716c410815d265362875947aefca157f32640541032710085df143db121d88bb8c8f835c31fdeb8b01a0a6689f7fed07ad6b6016f78ce434aaed475683
SSDEEP

12288:DNSIw148R4UoImFp81FZi9NCRNRUHePjC71TBja7yqNa83hxqaMqy:DNtw148zoIap4gDCDRUciO7na83+dqy

Score

10^/10

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2456	2488	673d44c41ecdc161b3572ab538e3905a_JaffaCakes118.exe	30
PID 2488 wrote to memory of 2456	2488	673d44c41ecdc161b3572ab538e3905a_JaffaCakes118.exe	30
PID 2488 wrote to memory of 2456	2488	673d44c41ecdc161b3572ab538e3905a_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\673d44c41ecdc161b3572ab538e3905a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\673d44c41ecdc161b3572ab538e3905a_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2488 -s 524
  2⤵
  PID:2456

memory/2488-0-0x000007FEF56F3000-0x000007FEF56F4000-memory.dmp

Filesize
4KB

Download
memory/2488-1-0x00000000000B0000-0x000000000015C000-memory.dmp

Filesize
688KB

Download
memory/2488-2-0x0000000002190000-0x0000000002242000-memory.dmp

Filesize
712KB

Download
memory/2488-3-0x000007FEF56F3000-0x000007FEF56F4000-memory.dmp

Filesize
4KB

Download