Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

yooooooooo...oo.exe

windows7-x64

10

Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17/11/2024, 03:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yooooooooooooooooooooooooooo.exe

  • Size

    658KB

  • MD5

    16970261ab090fc0df7e9124f9758d5c

  • SHA1

    04316b859eaa6b0894c5eb749a618ddc86d31ea5

  • SHA256

    8ecb10af9238d2b7b2739d8294d2d817e1c90e801787b39c353f24e955d7889d

  • SHA512

    31096688a7b24636eb39d21660a40749d26783ed90c279647bbb29a04bc2548bda9fe08a6f9d2de9a41802db3c9f3693fb68c6ddeb8daa3bf8b0ceb52578ec4c

  • SSDEEP

    12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hV:eZ1xuVVjfFoynPaVBUR8f+kN10EBD

Score
10/10
darkcometguest16_mindiscoverypersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

181.215.176.83:1604

Mutex

DCMIN_MUTEX-36BW6A0

Attributes
  • InstallPath

    DCSCMIN\IMDCSC.exe

  • gencode

    6NrT9l1sLVPo

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    DarkComet RAT

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\yooooooooooooooooooooooooooo.exe
    "C:\Users\Admin\AppData\Local\Temp\yooooooooooooooooooooooooooo.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
      "C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\Documents\DCSCMIN\IMDCSC.exe
    Filesize

    658KB

    MD5

    16970261ab090fc0df7e9124f9758d5c

    SHA1

    04316b859eaa6b0894c5eb749a618ddc86d31ea5

    SHA256

    8ecb10af9238d2b7b2739d8294d2d817e1c90e801787b39c353f24e955d7889d

    SHA512

    31096688a7b24636eb39d21660a40749d26783ed90c279647bbb29a04bc2548bda9fe08a6f9d2de9a41802db3c9f3693fb68c6ddeb8daa3bf8b0ceb52578ec4c

    Download Submit

  • memory/1732-10-0x0000000000650000-0x0000000000651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1732-13-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1732-14-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1732-15-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2100-0-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2100-12-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download