darkcomet | 09403d8f2d60b6dbb8a812e28ace5bccaaa78738b9f464654799a95f1a6795a8

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
07-01-2025 20:25

Target

JaffaCakes118_7792829b8c72df2730f6af416964f90a.exe
Size

2.1MB
MD5

7792829b8c72df2730f6af416964f90a
SHA1

0fc70e62bab2a7b97a713e0d8be7608196d9a844
SHA256

09403d8f2d60b6dbb8a812e28ace5bccaaa78738b9f464654799a95f1a6795a8
SHA512

44889945acccfd07205b6d5a95f60c2546e2e203aa14426217f93d51357fc2491393bd24ba6dc98d0f062fc4cc4c5620d84bd174511739b5ab8b936cb8cca76d
SSDEEP

24576:QvXR1LZwd/FSH97vVtfAkJHGJj/k5djY0zO8tSK/ORWzCIKzBAl:i1LDRfh+j/k/rHS6jk+

Score

10^/10

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2616	2188	JaffaCakes118_7792829b8c72df2730f6af416964f90a.exe	30
PID 2188 wrote to memory of 2616	2188	JaffaCakes118_7792829b8c72df2730f6af416964f90a.exe	30
PID 2188 wrote to memory of 2616	2188	JaffaCakes118_7792829b8c72df2730f6af416964f90a.exe	30

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7792829b8c72df2730f6af416964f90a.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7792829b8c72df2730f6af416964f90a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2188 -s 520
  2⤵
  PID:2616

memory/2188-0-0x000007FEF5DD3000-0x000007FEF5DD4000-memory.dmp

Filesize
4KB

Download
memory/2188-1-0x0000000000F10000-0x0000000001124000-memory.dmp

Filesize
2.1MB

Download
memory/2188-2-0x0000000000DB0000-0x0000000000E6A000-memory.dmp

Filesize
744KB

Download