Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-12-2024 02:16

General

  • Target

    d4c393507a98fe07e0a872bf22aa3837_JaffaCakes118.exe

  • Size

    660KB

  • MD5

    d4c393507a98fe07e0a872bf22aa3837

  • SHA1

    fa8bb6be17c45e540ffd11098e1e08ea0e2ab11e

  • SHA256

    a7d7a5d289345c19b4916b0f734b7b071b3ade2d752fddaf1c1a848ee33ef078

  • SHA512

    f30a9ddd12882716c3c24cbe8a35ab9b643079e0b9dc5b279e2d1f1ee7176acdd957df3f8b9b2c9b4987f7c8f312dd101865e1a72fdf57f4b67271de85934838

  • SSDEEP

    12288:OtHFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLd9Ek5C/h:KZ1xuVVjfFoynPaVBUR8f+kN1PEB

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Darkcomet family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4c393507a98fe07e0a872bf22aa3837_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d4c393507a98fe07e0a872bf22aa3837_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1260-0-0x0000000002280000-0x0000000002281000-memory.dmp

    Filesize

    4KB

  • memory/1260-2-0x0000000002280000-0x0000000002281000-memory.dmp

    Filesize

    4KB

  • memory/1260-1-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB