Overview

overview

10

Static

static

3

Cometimagelogger.exe

windows7-x64

7

Cometimagelogger.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    72s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-08-2024 05:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cometimagelogger.exe

  • Size

    31.3MB

  • MD5

    2cda34e9c924bd6af496bb3eb7222d62

  • SHA1

    0f94ea2df523ceec5647bad3799512d2367bde28

  • SHA256

    36813cc2bc7955467773e119bcd8a549e46fcb7078b2f5e0a3ba4b87b053f72c

  • SHA512

    44f44bc23373cd25413bd9a240a2807cfeac888dd49fc4a5e9e70ecc9b22832d4984bd0cf2f8b37a7c32a1e38d47a9d1e27667053816f93ec9249f7c9d4546c5

  • SSDEEP

    786432:l6IUvH5S3Eu62Urcq1JWq3rcbnXEuOzE4Geai3lgMAD5:l6IYH5y/ij1rU0uOzE4Xai1gM

Score
7/10
discoverypyinstaller

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Detects Pyinstaller 1 IoCs
    pyinstaller
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cometimagelogger.exe
    "C:\Users\Admin\AppData\Local\Temp\Cometimagelogger.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Users\Admin\AppData\Local\Temp\Comet image logger.exe
      "C:\Users\Admin\AppData\Local\Temp\Comet image logger.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      PID:2160
    • C:\Users\Admin\AppData\Local\Temp\,.exe
      "C:\Users\Admin\AppData\Local\Temp\,.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2312
      • C:\Users\Admin\AppData\Local\Temp\,.exe
        "C:\Users\Admin\AppData\Local\Temp\,.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1592
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tenor (4).gif
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2016
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5de833d93cdb2fdbe8548e268b17ece3

    SHA1

    f4b54cf866212931c05aa637bbbe1d0ac04098c7

    SHA256

    07830e8b751aee3096c22cd748741284dfed5fedfff1d404fd5e9fa43a9bb764

    SHA512

    2f704c948edbc34f4bf1d7a8f02fafb4990a67d152cadc9ac3422cf671440d177d628f24b92bacec272ed9aa5ff5b4203db7c8b7d006406483cb2f8b497e1cca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e15ca68f064d7798d9c5fd597cee247

    SHA1

    59ba7508297c89facaddfd0c97fecf2ad8683a11

    SHA256

    fa7073c2c77c2a7185f5d63bdc650cd3cec160a5ae038460b1611253064ed304

    SHA512

    e5e2e51461c0670301fbd899397142907b59d2d73544bf220b740f0cec5bd7182b8ddc502e99e472ec798cb87383d67a404aa0212a89e4b987d4ccb771c12dde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6afd3a82477858acc2b3e2424a441e7d

    SHA1

    e65c37b69f05894cea14847d0d1ec5aa7f874139

    SHA256

    a66919cd823c2677f24ffacad8ec5f7beb391e83d4189ffb3ab5e6a3da43719c

    SHA512

    67fc0f26ceb9b4d1d368ee89b99aaa44f5112665ec5a065f852a8ede91bc87d245ea97736e610ef3365544ce61453740a9a364ec77daaff22278634fd515ad04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2805bb9ad2cf723902126d5235d3598

    SHA1

    0d32f6e160d8a49b1d53d9e907a607955cb461f8

    SHA256

    a04fb9cbe465e483589b959297ce09275d7f248199529024b90c4a8ea9ca89eb

    SHA512

    e6bacc553a2505cefa80c9a576a29c3340733d882f0b4baeef6e4b4bc7fadea776fce8564f0d974bc08aa73d46cfe063cc29655464a63a26f6d23e722f211e4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    683d8b89a1cb54c4cda827afe8f0c4e2

    SHA1

    8722f4791dffb06786ddaa1d0b07c331577d04d6

    SHA256

    7f987f62bfde164dffe5174abdd3066ed58e40d805da6f5ab4af638795dc8107

    SHA512

    71443df4e93f5ada6b248496fd03a4d0d2d4a28a05dfb6ce0cda54ffa9f396a510e1f3cde4b35cde98a8aed4a98f45159d85f202ceea28e99aa48dec33d6857a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0de608dc2c15e2598dd6d5f65ee9a7c4

    SHA1

    3ae3a3448f993d4e2ae29c5657e2155a385eb4f7

    SHA256

    b64cab4f1be42180e12846039504de371a92af3fcad47fe6aeba175d1d43b526

    SHA512

    358b33d43c852879dee364ea9c40b5cd6b06b8c236ccf8ffafc2a295c1d5fbd6ea05e78ded2cd7fd36391452bf8b01d9ec52d65143a9f3d5df5a41d0328b180c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37b1023b418bdd370c1b052163995a9d

    SHA1

    a7576e911a1a5ee4555466a8025e571a721400a7

    SHA256

    6cd056efabe2036d5b3207b5ba89c9700f23386e59cefbf71dac440045187751

    SHA512

    ad23e46c9f52f3b3bc25ad87517d2d48530571bdf147b8791dc7f657ebfab7bba943ccd97310928c470d76092bc3b1d56c9f1c3281fa1c3a662841665092131d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebe9d7cbd38c779748f2b9d697227cb6

    SHA1

    d48d695ed84b3739f2d0f2dd581c4787a1496b90

    SHA256

    8a9500ede47683cad004659225c175ca4c831d2f5e05327227b94c2b6dd37e52

    SHA512

    36109741cdeef3655993a2a5ce559aa1b99bcd11199f7e8d1dd549cadf9a23d0ab503b22404f6bdfc5340feec8dab3f70acb38a2f71be9ab4142172cb1a1c26c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4d24bba787da2c294bf60ce14d33d23

    SHA1

    38626b5108778decae926bc1480f4790ec52ae18

    SHA256

    697fb966ef7faecbb7e69a824d17388f430a34698d60945437e2619453ec3038

    SHA512

    af5b6e5d5fb54855808b97993933d0b5e982b60a21adf28c6a5e5ae4db3b9316bd89d297369ddb1b4e6e57f71d8ff479f4c4697e89dd20daff20965e2c5de668

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8381d0ea441bc2694eccd956f95abdd

    SHA1

    999952261cbbfb12c8244403acad37a24c3cea30

    SHA256

    d67c024efdb0bfa49a525baa1e559451a1f705e8038a7484c814f3410d156c10

    SHA512

    4c3de9b78bfa57875c3d8fa45ee921531edff548a911fbeb30cccbd38690b173622274d73ddac6b409059bb41918df59cb43d97fac94c7bf016daeba20ae888d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bddcf8090bb5d240d99dea2b20d9c58

    SHA1

    d4fe5443ddd961ebd69f88240cb442135f89361b

    SHA256

    ea51b9036ef83c5c6095ee48b95435dc4f6413f88c09effed9d84ca6da91ea82

    SHA512

    d94457af7cbdc762eee70de46b7b4afcaf8ce82721eb9a863b6009e633237ff25e23f77f57a0301d7dab33906c9bd88477866bf088034972958726d5bfbd5ee1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9368796dcc706f927bc3a7cbd4135cbf

    SHA1

    5abe76ba0242c333f7c5f75d804acb3129ca5752

    SHA256

    7e070c7cd90176deb085cb672e3975f61573646800f8d6f7176e151c5ce0c092

    SHA512

    c98b197efbd7528af39f5b85401c06f3eaa0a00bbf89c748a71d3a56d72a1b6732ea2f9a989ce1b9b337ca12a5ff64ef2a62ef6af4c9dff998016fcc312934b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad99b3cd90938c8c77c88c3c7fae07ad

    SHA1

    03e5caacadd615ef1b21b954d6541b5fe133eea5

    SHA256

    a473b6e17b312a99e1a7939b0cddcbab8bfc8586c03588c82d768abbba6b6d09

    SHA512

    563e53f01365b15edb5b7da240f74ec23b9a196177e6ecba9d7d08e189bde56ed9cbb89c17cdb86a763173e588d01d75021e0093517b68e3b10cf056fe625df8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    021bdb3fbdbae529386da3ad1148d921

    SHA1

    ac78905e4a6574db5846536d5a3cacc078fa95ee

    SHA256

    eb411ef427d0a0792ed089ce5b85087d17863f5453d75b50ad92fe79c435821d

    SHA512

    3120db36483dcdd9163ad66d8b8f89339390d14b56c6ef7e906209f93d9de0ea2ae56ae40df6319f294b5d09a192676b6933d1e07bc02be826867104f9ef7cd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87ebf4609056644c947ae828fa364a24

    SHA1

    d46129a2f0c1a0cc3905dd46eba598daa22dcf6e

    SHA256

    4a78472a1bcc46ccf88ade14b8b5fcd42f2392d99de5d9f8f3d1cecdc19ad005

    SHA512

    5c6d1923c65b0dc337a47ec25907d0f4d2e4ae827776b5ed1bdb8af413461164f286272daac8129510f9eb14f410a4c727e1e1b8dbfd1ad76a905e89f9d1f4e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf4d13544bb35d2807316e36a319499a

    SHA1

    70c58b9ca666df126d5e6b680f8fc9b73b62d8a9

    SHA256

    718ead68db1d539cf45ecc8f57fc61f4411091570c88f6b8f9963e7a229ce9c9

    SHA512

    e27c7309b9a2ffdd47a0a38bcec15bc600c58a0cda09e1e0cd0af4e5b5e61512c3cc1a79d2081366c235b8b8df0e5284cde4586615472b340ed8c278f891d439

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\,.exe
    Filesize

    15.2MB

    MD5

    4a8811f374f8455bf8848d5cdbe15b2b

    SHA1

    fe289c7e82af4fdf5cdacec7ed78c2899180a3e6

    SHA256

    c0449792325197ff37ce3f5e373ace685b4c5d74d356eee4f84c3cb3650f6525

    SHA512

    f5afc74cb29ea2ad8216abb958ee5870cea5cec16d1c45a2306d648a32e42a7415ddcfae8b8cc86e0fa9adcd39cc5a6387f99dded79574e9f780bf09edb976ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE13C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Comet image logger.exe
    Filesize

    1.4MB

    MD5

    7e2ba25825cc02a4885cf4d7b062f2d7

    SHA1

    3f2ad8608a3233d2a9951e8a014596afe49570c2

    SHA256

    2a55059adc3213426a0e540b3a58a61c43af173d1ee3a802cceb3d3b14299ec4

    SHA512

    f449e547cfe96a44a1ba8c3d1355de4df6db2a476b0b63d6794748be6b6abf3193903a8de326675e49dcd6b5fe8dc2ecf187460ec49b69aefe8aa5cc243f783f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE1DD.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI23122\python312.dll
    Filesize

    6.6MB

    MD5

    d521654d889666a0bc753320f071ef60

    SHA1

    5fd9b90c5d0527e53c199f94bad540c1e0985db6

    SHA256

    21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

    SHA512

    7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tenor (4).gif
    Filesize

    15.1MB

    MD5

    bac0f4c516db3edcf149b45e24ab8986

    SHA1

    ca9c70e42be841d4004b9235d2b6c7282954c222

    SHA256

    e07f6024b926567daec6dfec61cb9cb5dc8bd5e9a2323abda33ec6eef5d21aaa

    SHA512

    f108a19da13cb1386759c0e2b4c9b8d4021ce4ba82631a9eae18a0d54a78b0ddcd532cd2dad82fe7c2b7d9e5b20815932c717b6cfa78f5363f7d70a9c75281cb

    Download Submit

  • memory/2160-534-0x000000007463E000-0x000000007463F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2160-535-0x0000000074630000-0x0000000074D1E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2160-14-0x000000007463E000-0x000000007463F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2160-18-0x0000000000110000-0x000000000027A000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2160-66-0x0000000074630000-0x0000000074D1E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2568-4-0x000007FEF5F50000-0x000007FEF693C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2568-1-0x0000000000310000-0x0000000002266000-memory.dmp

    Filesize

    31.3MB

    Download

  • memory/2568-0-0x000007FEF5F53000-0x000007FEF5F54000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-19-0x000007FEF5F50000-0x000007FEF693C000-memory.dmp

    Filesize

    9.9MB

    Download