Overview

overview

10

Static

static

3

6c9e9cc367...18.exe

windows7-x64

10

6c9e9cc367...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/10/2024, 01:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c9e9cc367698595e74d1ebb80488faa_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    6c9e9cc367698595e74d1ebb80488faa

  • SHA1

    d367f2c47f611939b97efb96bfaff69a048b5107

  • SHA256

    bd4419248eef2c6dd4f4a353b3b8cea834b58f34720f2c2b6208d3137131882e

  • SHA512

    3bb47ebe4a9ffdc18270ccd7b8e1110a02fe722a9c281ad5b5d2bc0e0623bec3412127b70f2be1dceafab5d52103aaebb6e6c4107406ea97eaaf1039febea956

  • SSDEEP

    12288:GeXWw5rArh3i/5hzJTIuN7w92L7FAQB+4H6IKZDIZLgsOnBCHuVSerxaE6Kka/wE:v/5eyPrFfi54HQDEL7qxnsU3SY

Score
10/10
darkcometdiscoveryrattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 25 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c9e9cc367698595e74d1ebb80488faa_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6c9e9cc367698595e74d1ebb80488faa_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Users\Admin\AppData\Local\Temp\wVGepv4fIw0W3nl53.exe
      "C:\Users\Admin\AppData\Local\Temp\wVGepv4fIw0W3nl53.exe"
      2⤵
      • Checks BIOS information in registry
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Windows\SysWOW64\explorer.exe
        "C:\Windows\SysWOW64\explorer.exe"
        3⤵
          PID:4052
      • C:\Users\Admin\AppData\Local\Temp\93dDu9MUySJlsggM8.exe
        "C:\Users\Admin\AppData\Local\Temp\93dDu9MUySJlsggM8.exe"
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2964

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\93dDu9MUySJlsggM8.exe
      Filesize

      679KB

      MD5

      605a171c61a0607bdcf6be80ed07cf95

      SHA1

      477d4391b0d84406127e43ead289a3596ac1e5e5

      SHA256

      09b78dc85713ca0f27f17d94c939cc606a59847c1f2b5cdd281b52a48cdaeab9

      SHA512

      3b32197d76951d0e1cd7043758af9b33be12b30c03df00a3ef36078205fa95b1582f65bdf4437a1b879a922d2950868e905bcd2227ce3816d5437556b103d338

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wVGepv4fIw0W3nl53.exe
      Filesize

      635KB

      MD5

      dac515e4995d35e9e96f745957040d4d

      SHA1

      56285d7669dc2686ccbfa6403d590cb5eb7c4f8c

      SHA256

      4e5f9fad34dcae36fda683d1c0517bac1d62d15ea30dc31cc46930801d048ec6

      SHA512

      68ae67edb6c50a8a36767d1efa413d60ebd6287e52b08ec9935e15b188fb04e5856537ba4d3d9fe27eb0ea59ca17a9dc712ce89ae7cd6b609cab5b41295102d5

      Download Submit

    • memory/1204-1-0x000000001BE70000-0x000000001BF16000-memory.dmp

      Filesize

      664KB

      Download

    • memory/1204-2-0x00007FFD8D920000-0x00007FFD8E2C1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1204-4-0x00007FFD8D920000-0x00007FFD8E2C1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1204-24-0x00007FFD8D920000-0x00007FFD8E2C1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1204-0-0x00007FFD8DBD5000-0x00007FFD8DBD6000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-29-0x0000000000400000-0x0000000000489000-memory.dmp

      Filesize

      548KB

      Download

    • memory/3016-31-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-36-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-28-0x00000000022B0000-0x00000000022B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3016-32-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-33-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-34-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-35-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-30-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-37-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-38-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-39-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-40-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-41-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-42-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/3016-43-0x0000000000400000-0x00000000004B0000-memory.dmp

      Filesize

      704KB

      Download