Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27-11-2024 03:07
General
-
Target
a59685909758a4a3e67e388281687f43_JaffaCakes118.exe
-
Size
458KB
-
MD5
a59685909758a4a3e67e388281687f43
-
SHA1
d60c77cc7dc4e8e4e5e308ead18abb2a27a1fe7f
-
SHA256
2c5fd41a76afc0355b5602433a59ab5d3f80aba675300f89ea1212c0ff176cc7
-
SHA512
2f5f305800a1d45ca72dbd9dcf8bc05c305bf63e8391242c5bbe511ee131288ed9094be7fc9044fd3c52c2ddf5b7ace538777f372b218e32208cae332bfb48bd
-
SSDEEP
6144:HaKMSD4YuaeKp0yN90QEhdrsKqsirHD3Tm+UMsgg1M7YM0x/Q81AKw2xEQi8ZrO/:6K3D4lamy90rc1uxMi/Q81/w2KQdZ+B
Malware Config
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 24 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a59685909758a4a3e67e388281687f43_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a59685909758a4a3e67e388281687f43_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\aa.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\aa.exe2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
712KB
MD52789465fab199c0e81a17a3bd00292d6
SHA1e76767d78c648acc4f07eebc5dfde41ca8c9cd1c
SHA256778236585d63550bcdc97f0be16808872099d4a018bfaa15bdb026e41df2d4d0
SHA5124da6292bafdeed282afec6a0fc0ba3de9e061a54e3370d74ca822618afaaf79747c09c9a635325ee5fbc531769e3fd0a94ddb05f0a900ab70872acde1a25bbe1
-
Filesize
4KB
-
Filesize
768KB
-
Filesize
4KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB
-
Filesize
768KB