Analysis
-
max time kernel
329s -
max time network
316s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
03/10/2024, 00:54
General
-
Target
comet.exe
-
Size
3.9MB
-
MD5
ceda2dc431ae13c9aeabf728d5d092c3
-
SHA1
c8edf0316050bbf3f174bae89af7f1da5857bf96
-
SHA256
09220ce3108eebe0a80afe788145918e064df884f6b2c50d0da3863a461a1074
-
SHA512
78ff3970d2a1831b117a7eebf9f1bc64c1ecf95aff78eee9e5a81d7c52571b1dd4dbb5931cabf559816987e56473a95f86ba581408bc74ba535bb05860f02b9a
-
SSDEEP
98304:9ysR0ycpLTyD0sx0cB1x6aBW4m7FU48YcJ5:FOycpLTyDD0UXBWtWCc
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 41 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\comet.exe"C:\Users\Admin\AppData\Local\Temp\comet.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/HEgycSwwtF2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5be2a923c5355716248a706d479e4fcbd
SHA136bd149eaf9a4041a25419285f873f410a395010
SHA256ef545c9c59d00c008c6940ea19fb085a0b258907ee6de2a6b44226b293744714
SHA5128b43a472623408af2860f2abceeb1ab87daa6dac577aacae55f4d4aae114dce18c49fb79cf0e2231e3f458b7a9f70810df19f0d0a05306ec758d248d7ad1aa7e
-
Filesize
342B
MD54b7da3587db8ba8568d2160248706a83
SHA1b577daabaec7db5e04f5b4f08a6e581f23cd222b
SHA256fbcfd069cd5cc287356aec37ed9ab5fa3e55446bed3a81100053c373cdd3ea06
SHA512fc0d7fac2fc5b899e3864e14cf2dd093a52a27669240e7012d36796daf0212d3dda7df945b3beda45e13aea8f0042ede92587eb7a0a71062f5407fd47ff0c637
-
Filesize
342B
MD5199ff8185819736edaeaa2d38ab8d7c3
SHA17aa9615209e89f8f62ffddc9d61b739b6072f44d
SHA2568541479a15ae191626ffd7e1d3fab57793f2548fd6f829dadab79a1b9deb217f
SHA512aea166cb6ae46828d97f6da89d1acfd2373bc8ea3c2eeb35d7af090ad96412f353dfcf991f1841639eb7cd853f727da12f242f28379d5838c702c3395e91255b
-
Filesize
342B
MD5209e70dabd8051b48eaea97ff52784ed
SHA1162453f3ad695e8773d354513e3335d3c41a7f61
SHA256310cf26f6f39f2e989fc4236e2314ce5bface356267c2c245f434da3bf33f2c7
SHA5127c065532fc1adc4e766a113a3d575d1f44d768ad832183dd702890b1149bc2609183b22f9369c6e385906c5f1f81e2492394ae2a0add685416c1135f8faad6ae
-
Filesize
342B
MD5413a3f116cc8892d6aa8c10d59c3ea66
SHA1ec1e2e26ff0333256f488f9a91925e53cfbfcd02
SHA25649954822b434c63a8e69a782746a2572c64f50698ab1a2a9824d38509b60cc5b
SHA512238931a7dd506b67a6c1e62c8960b141859ec908c3740cd1ef0ce1f35a6f36eadad9a2d897d86ccfb485441d4699510e3a7f57b8ddc271c702701e99d3e87fca
-
Filesize
342B
MD5bd0bf6ee18d54b4e30d3f59ecf5b4aea
SHA13693c315c39efd28c697c89c686d4ff0361d56ed
SHA25655c279de1546d902fb539adbdc82c01cf794a4e611c85309d92c521a976969e3
SHA5124881eec10b56ede9feaa1b67d3054419fee2b2a24baf051e91936c0931b0f2d93f59bdddabc2f10dc530742f862de3467d7e383e396a8a95b050178755507e50
-
Filesize
342B
MD55764f2a857901da94a3aef7e49501cb9
SHA1d1520b051f34f5399a1a0c5f16eb778a6e02c122
SHA256f23a127dcd77beccfae5c75415f325218a37b5ee4cddfe38b3541c591b1fcf52
SHA5128a4686b42cc18999c4da652ae97f860d702038840576845e6f979ba1da71ba397365a0aaca2f177a6471601023f9e915508a7fc710a44b0a17bd07e1ae2f65f7
-
Filesize
342B
MD5ce558fc2541cd64085d8c921c8f2063c
SHA1d1826b0580441ee1acf722621812981e881968c8
SHA25649f1e9b3796732313b1d68b815370b5718f2c18d4663e705e729e15e6c35d757
SHA5120aaa18ff1c0ca670b0d4412a979e17a767684a70d84547d14d4e179e2fc8b33d891118f3258a45f356f4c639cd32f6772a4b325cd0022b2f254f88ca7a8773fc
-
Filesize
342B
MD52db1cbf032a465f5f6be1f495a542487
SHA156e3f366b88f515684fa4ad7db173ab3afebfe16
SHA256d4d3a9330f826cae7b132d026e25bb3dfe693d4ee88729ad611a5bcdc0fdea6e
SHA512284d742481f7a65f22b32f52fc1b5afe92a6d942f5199bb42e2575d9fe12dbbb345e23f437a1246c2bd1910c2cb063b6900c9fc290d188e3a0eb01dc130ba964
-
Filesize
342B
MD59d4d6d110811a160b031d521e389a03f
SHA115b837df5df7f6210f1081ae48d557ca616af32e
SHA2564b19dda7764d89913bbb2b7449aa776e821958f80d3dcc1df18fc74477b3bbf0
SHA51299752824bbd781952626483d1f5146fec0950b014d6ecc3f30a2725eed65e720f0aab95f2baf22befe8e6469c5e3b18b30774deec56afb39bccebd7b36bd06f9
-
Filesize
342B
MD57195b88e3a1c0e3db7373197556457fa
SHA12fff72662f53dfc4e3a66a13fecc88dd5effd258
SHA256229ca3140bbf966fe2e9cf686c98c9f897f12ea9a493f4de6534e633bf58b144
SHA512a7a88f3befdbffcff50f5d475a5b2809f5b6118d60ae66edfd73783d636881253dd638cc3e55200bc3e634c28758aeefdb360bcdbd87e35489841f3a97b034fe
-
Filesize
342B
MD542a6cc34d0a887a305bc9a4e278d69b2
SHA1cae4ed65821bad048a452e5753fbc7be0d16ac71
SHA25604dcf6e3d23e969f2e6ee571f0ef3af6981372648b8e65fb0e2c15dd0fecca36
SHA5125ea7a2c2aabb6249813ab1cedfac2812a30943e57dfde28e4d94ca36d53d25f9c6c13795dd9376b137a9b0738283d934df081e98fa754b6013cf07bd780afe1a
-
Filesize
342B
MD546d0dff1a5ba4e6353d46549cb30788d
SHA120c7bfd39a9ccd129fec32467ab3835551cc9baf
SHA256757b27c480ced29bce5da6b40953a2752018ed7827bc4d1e811e3a9ec1c457a3
SHA51286019b66916edc670d4664bad0ed680d2f60e4523b54e55afc3ab10fbb001abdaf61161e1b5b6cbe6501f1a4f3f7a8868444e1bbfe03035d490bff8ae4ceb4df
-
Filesize
342B
MD5d6a18bba03379fe953e75c768572c159
SHA11929e4b422bf2cabde1c6c22899d79ffd77e7a93
SHA2569d77a4bb0ca2c9f7a91311af4df9081355413d0da86f4e573ec0a1838f582292
SHA512889f1a5147a7dccbf598e9b93383107e41575bdd888839c710d72ac47b50129a67dfef3a7f9bd01333dfa4d83e7f4b140077fdac0be214382e88253c275866d1
-
Filesize
342B
MD554b34df77052e47a02d84d59fec7ad03
SHA1ddca5119027df0e405316d10554ac4f28e30539f
SHA25695022ad10141046d1af579c84cebaea8e1b7dc8eb8345f88cf9c5e6273bd23ae
SHA512241679ba72ba5f3cfbd8f571c78c6e9e655708134770c3fc0d78ee956eedf6a48d67ca37d3e6886072c2437d4de943615cf1f0e0cc54e35a413df4814bb049c4
-
Filesize
342B
MD537de40ee45e5dc779b2c7cee771b113a
SHA170abb00e27d367ad199818b11ac49e38c7ac5da8
SHA2564fa4db1e4d07a28157443b09e2cbb8f17bb030b29f4687da528889abca93fd5e
SHA512634a6d5c4e4c35ebeff477df91aced1388a0dcaf0f9727fe3c13111b2fca1979e9d416aa0a83d63142efe1485b5ad4cf0331dbd19f4120bc769fe2bf09b8fb66
-
Filesize
342B
MD550a1a72dd1b2e4e4a82441f349bdbf7e
SHA1dcf837a7e93c1be712ee8647b084b6d4e96ee055
SHA2565fcf62e8c665c51e4ef8bd103e844cac6af169c9ecb680ec8a7d6c67575e3327
SHA5124e6d653c83a00a2889b04a8356d0510235a3bf8b7e9a69db5724c033391114232867f7337d7ed38f5c1d3a27b9972996eb6bbe4d32c1108ae185fe228fe120fd
-
Filesize
342B
MD5b5993865c78668996f7b0da641927516
SHA19c6a46af2d6a42adb262b771ac0e9348cbaae62c
SHA256784711c3540d46134899f38fcc2f48c401526f7da0115765c70d7d06e455e3b0
SHA5124d486bf107b72fbac82b7efb33ed0b23c1835b7ce9e13d294efd27ef2d0d499fa6e8cbbb8a34bb8a9e3773923b35a35e00ad3eba04831cca03711e222cb9962c
-
Filesize
342B
MD506dc6f889368a38033a010a9d27d7997
SHA1fafb620a11de0f4caa5b70af27831d45271b68e2
SHA2561259dc96f52cea1692e2a4f49f3f4d688565f6605a634d9c24851397111069f7
SHA51299cfefb8b58deb486be38f7081c55eca2cccca0d060f7a5232b3ee3239df8439a1eb68b852937071f36f1f8c2402362b7d0b30bcb54415f354e15cec2aeb9db3
-
Filesize
342B
MD5f206532c894dfbdcceb1a942f87a2a5e
SHA1a907c02ac78c246d47d1631aaf0098f816235355
SHA2560ff0d19f21abd4a68049193a80a5984b6d78994e1f133a533eec9de7dffad0a7
SHA512f083eb5ccd2b4e268578d76acd8eeb6eba76240817d663fef599de92ed831ca885a714795ff5547d4b91014446b9644867cacfc841b7439b624b6cf95d868619
-
Filesize
342B
MD5c53032442681898c6b95ee7c578b7e2f
SHA1f1fb8ef20475c59a242498301eae248f40526468
SHA256a76af512a1f9b3de848437aa991e38b75993dc3f130f59a4643aa7491df26e87
SHA51220601a6105d88c8ee9dd3fed1db15805ce9bb94cbeb750ca728ac81e671fd0faf4db611c97bca831a7495c1e31db06590f33fb68485dd481b4f644ee39b4fbf5
-
Filesize
242B
MD5b6a03e013f57d2fcec18ddab2042d07e
SHA1dcfb59cb772362ca76f135c78b4c47f3a59260bc
SHA256dbd2f894c1e73d09b68870fb5d36f0bf1f2d66a33db765d2f569328c7ec24d90
SHA51227077c0a77e55962584605078a04740eb94fdf9c45d2746c5b078ed260fc77102d86d8f4d033851e8d24f8532aaa93b0966b12cad5188cfda59a8f933ed0a868
-
Filesize
24KB
MD53cb1b6dda22b2b42bf5bae401b5570c5
SHA106e9022b6b2115d114bfbdf575354f6741e3a4d9
SHA25629182e576deb09b6f9d6b18f88f58e34377cb629c31643ad9c2712385470936b
SHA512c31307ebe3f3e2d079881829b6735764ba5d804c8600a7c5ca69f66181a75035a92bac3e33f9ed08f3bd9de048fd06920e1b10f60871caa04d8565e4756012d9
-
Filesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
712KB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
2.1MB
-
Filesize
3.1MB
-
Filesize
6.9MB
-
Filesize
4.0MB