Analysis

  • max time kernel
    141s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/09/2024, 07:38

General

  • Target

    cf04b79b61ea0b8d0ca9149036410750_JaffaCakes118.exe

  • Size

    658KB

  • MD5

    cf04b79b61ea0b8d0ca9149036410750

  • SHA1

    fd0d4de0a5ab1a256e32876c3d9422b72f73a451

  • SHA256

    a9ff16ec8a7be32e0f6e16e0c98bef190e4c6cc002b1c88506d1721162503728

  • SHA512

    e566b1e4fb293b488b2304001e4e83d4548080516de70b2e6c67d2277eb48ddf85afaf8387b72a2d7a3d37b04c0f305078f5509018ec1189c5dc6f6c8adb65bc

  • SSDEEP

    12288:spwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIRG/:WwAcu99lPzvxP+Bsz2XjWTRMQckkIRG

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf04b79b61ea0b8d0ca9149036410750_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cf04b79b61ea0b8d0ca9149036410750_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2352

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2352-0-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB