darkcomet | 7df4c500bbbb1f05457bb7ec67c0ce68079cf5624f2d0abd1fb03451176769c4

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-11-2024 16:34

Target

848671a2c723751f6d07a877bed1a3ce_JaffaCakes118.exe
Size

1.7MB
MD5

848671a2c723751f6d07a877bed1a3ce
SHA1

f1e32c4790d3f36aeb3c5eab20b1d194e21fc8ea
SHA256

7df4c500bbbb1f05457bb7ec67c0ce68079cf5624f2d0abd1fb03451176769c4
SHA512

49b234b224cbaa64fd34b7914a2c080cc51b77d121639d1dc80d0482c28bebfa185e7561326183b196c784fe3fee49d578f0459f239c6259601179e5519c8fab
SSDEEP

24576:vElyxYn5DlpOy2rqtIXl++F5QD5Z54uUoCsmfWQVWoNoS/pQJOhO+sA+At:vElvndO4tqTQD5dUts01uUQUCA7

Score

10^/10

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet
Executes dropped EXE 1 IoCs

Processes:

file1.exe

pid process

1148 file1.exe

pid	process
1148	file1.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

848671a2c723751f6d07a877bed1a3ce_JaffaCakes118.exe

description	pid	process	target process
PID 2372 wrote to memory of 1148	2372	848671a2c723751f6d07a877bed1a3ce_JaffaCakes118.exe	file1.exe
PID 2372 wrote to memory of 1148	2372	848671a2c723751f6d07a877bed1a3ce_JaffaCakes118.exe	file1.exe
PID 2372 wrote to memory of 1148	2372	848671a2c723751f6d07a877bed1a3ce_JaffaCakes118.exe	file1.exe
PID 2372 wrote to memory of 1148	2372	848671a2c723751f6d07a877bed1a3ce_JaffaCakes118.exe	file1.exe

C:\Users\Admin\AppData\Local\Temp\848671a2c723751f6d07a877bed1a3ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\848671a2c723751f6d07a877bed1a3ce_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\file1.exe
  file1.exe
  2⤵
  - Executes dropped EXE
  PID:1148

C:\Users\Admin\AppData\Local\Temp\file1.exe

Filesize
843KB

MD5
1d5ea6df4c1793c707edfe81767a2d24

SHA1
8568bb0b3b87a8e1229f00a201a3f8b13eac95ff

SHA256
2353d9eba046c95a34fbd6391aded0d65c570282c28c7e01776d632590afe146

SHA512
6bf2e3ab59bc2b0187a752358e049d8bfe8177c5821810978536c45d8463d8f8438c825b03c3ecda4d6aedae097a669ec22852fef984c7a5716769415dda3de4

Download Submit
memory/1148-10-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2372-0-0x000007FEF615E000-0x000007FEF615F000-memory.dmp

Filesize
4KB

Download
memory/2372-1-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

Filesize
9.6MB

Download
memory/2372-2-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

Filesize
9.6MB

Download
memory/2372-3-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

Filesize
9.6MB

Download
memory/2372-11-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

Filesize
9.6MB

Download