Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14-01-2025 08:47
General
-
Target
JaffaCakes118_39f7425bb6403292e579abe143142120.exe
-
Size
14.5MB
-
MD5
39f7425bb6403292e579abe143142120
-
SHA1
08432bf11a9de542f63e78b5cc9ebd732be1e987
-
SHA256
6a34fd171f800e79b2930a0a90f172b31026388b42e75cce5cc2727fb21d4166
-
SHA512
f7fc93d6dd58fa66bfb99332320fbbe2142fb07836acf7ee6049f2b75b7b66b59fece38ad82886513d74b875900d84590caab9a3d00c998c64fb691e4ff28256
-
SSDEEP
49152:uGVMvau5Hr0DXplhoQKao8C0ZXGXSbsAT07YfvxhRy4rgWF9NjWvTLX2i4dmdpst:
Malware Config
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Disables RegEdit via registry modification 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 11 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 6 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Maps connected drives based on registry 3 TTPs 9 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 6 IoCs
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies Internet Explorer Protected Mode 1 TTPs 2 IoCs
-
Modifies Internet Explorer Protected Mode Banner 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 41 IoCs
-
Modifies registry class 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 46 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 40 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39f7425bb6403292e579abe143142120.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39f7425bb6403292e579abe143142120.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\gamebooster22.exe"C:\Users\Admin\AppData\Local\Temp\gamebooster22.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\dllhosts.exe"C:\Users\Admin\AppData\Local\Temp\dllhosts.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Maps connected drives based on registry
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Modifies registry class
-
-
C:\Users\Admin\AppData\Local\Temp\service.exe"C:\Users\Admin\AppData\Local\Temp\service.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Maps connected drives based on registry
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\bpgbqexotwt.dll"4⤵
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Maps connected drives based on registry
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
-
C:\Users\Admin\AppData\Local\Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\setup.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\AppData\Local\Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\setup.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\crypteda.exeC:\Users\Admin\AppData\Local\Temp\\crypteda.exe3⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\SysWOW64\explorer.exe"4⤵
- Disables RegEdit via registry modification
- Checks BIOS information in registry
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD549731ecbec020ad3735f63b2a7f243e9
SHA197b49533d488c81792494ad3ac7ad0522382edee
SHA2569896615151610d7db5015f8728354c5f13841d8579dcacdd30881a53322dea85
SHA512e8d55a9a280a38276733ad1bbe1109eb5abfbee943ebe1115fe2b608294e54823a8ebd07f5dc684bdab881d91f2b9746b96a5db3f97c99fc2ba9ff99426a82c8
-
Filesize
342B
MD5a0d83aaca4323f208aa3f05081654200
SHA16789ead68e2c784a6808ac6691dcd3bcd3c05ffb
SHA256cda56e0d76ae06011d346d9ddbca90d16f2d19c4620db8705a4714057bf60d39
SHA512ab6b2d9611dfd1eae437987aa2030fe9fcca47479494be2c0b985aed1c17005a9f0c2e6af1f5d34aae8118c2417dbc019843bac8d4ee1b5083644e4978654de5
-
Filesize
342B
MD5fdefe3561af6e4e5c687075f7b17d798
SHA164d6f2c3f22eebe050681136fecd9c777182a722
SHA256e79a8a27514dee7d301b812f8c5de82199265e49ae1b6e11c34c637fdd99ba7c
SHA51273f373ad3489a54ab8fcc9e1130f514f8e48988517380e52243b9997447aaa2aaf771185c0564eccc282fcf54a0677b0916f0f785f29302a85a2392f51dbd13a
-
Filesize
342B
MD5148d93a5654e2bd9d783b1c43e86d09a
SHA1d6d8f34c38169fcac4e95e61fb47d5ce395e4f07
SHA256a3a91c83d0c5dd4956480437998dd0c47e7b0edbf564afa29605083c06e25aa1
SHA512ddc651ad32a5deccfe0dafb4d5badd9c03d147b0a3d849d575ebd79b295f5e83c947848a9c8a7ca9ca0a9fa01be022535f5fdd6900b6fc15cc992db354f38d83
-
Filesize
342B
MD5091050f5dabbafc7ff1bf39d98bcffe7
SHA142888ab55338bd365bfa2d20c9696b58616e8245
SHA256415e37aa1cbd67c2926fff0da791269f90f4b9c7c56a1329fa78c690f5ae6ccc
SHA51290f0073fce5297cb58ca3f92e41e6c30116d01c5486de6cc2e7cef3f1ac5eb6dec4ed7e830acd6df4119f9f9c81746e6f8c72ac9b8a2d18abe75c204c0480b31
-
Filesize
342B
MD52a7bc24c0a18819331d959fa27dce03e
SHA165cde2ef0fc6f82ae178493ea6a08fea5c13bfc0
SHA25617ca04a4e5519def91e2f859ccbf3a8cd7a99668f9e643c073a6edee568d9dab
SHA512e04bae6ad2af79a138d1e706bc8459286f2baded6502b710b7e9c9db411768fe839a53a91d4c597e762f577dacda6f71bbb4bea58565e49b23f64af352cf8bcd
-
Filesize
342B
MD57f9154389cf5b65729305181e5dca1e2
SHA1068797428d26aa7d3fa2693dde6d6230be44d766
SHA256e051e30d40b09a0635586f179560a09dd08167735cec95f56bc8c53c34cc8781
SHA5127be82a3e8407229cc41500725c29f1df47fab3d77cac453ae2f0b3988c7996e66af5687da76ecefe240adcbec3f3e3203bf3d40adb2e191ab8b789c1269bb0fa
-
Filesize
342B
MD5ececf6acdb7bf35895cc86be71eb01b2
SHA1cdd98ccc61a753653db44a16e56d8097d0490699
SHA256457672a74f88fd3f3dbd972fc8e0a71a0343eb46a55b6acda4e22ce3d94d6d21
SHA5126db218a12f3c0804755d8f9fb14cd008e72b203ffcabac9c646b2f8057f3a62a616d491f43ff0ab6c800e4d8d07f63a363ed955651116cfcf3573af8bfc8f715
-
Filesize
342B
MD56a2ee520ce2cb422cd436cfebda8b6a8
SHA15db7c89cc084378ae7a1c37d0dfbb360a837c348
SHA2563f1ed3992f0dd2db3702d44011217a24e3e99ea8d983becfcbd6287d17512ee4
SHA5123fc7cd3d138309612acab865afed84d08a544a1fd1f1f54d0bec7445abed44f4495341bf6df1d69fea6c0ceefe16fa1f6bc3c8425e74700cfb63e154f46b33fc
-
Filesize
342B
MD5407d9c9b7bfbe69023441944ccfb4840
SHA1a59a1ec924ca4b117a30e30b1f7539dc8fc3a174
SHA2563085422bc8f77d090db8caf08dfc89a02d4a271e46373cde857c75be98d61a34
SHA5121051889f899901a21bd892e9382bdb72b1d0b22ba3535cfbcd8e9de38d17a93d801b914436ce046aec9bc9a52300a730b75d14cdab0a9e9efd48dec8cf9bb6e0
-
Filesize
342B
MD5680406cefac33a62c55805f53ee7bbc4
SHA13e9834d1ccf2e06e13d53a80f36090a45a3fc8ce
SHA25668912c34ba29661a3819cab52821ff08c6c235f88ef4993fc18a390341f55855
SHA5124950798ab9ef5104981f775a0c3772e14dbe00000e18c1f619f3606caac848bb7969fa85cceff3831b3005a283b6691f4c7442fb68a93c26b45bc2cb9ea89e1d
-
Filesize
342B
MD56fef036d6078b1031e287b5f4ed4bd51
SHA19a2c7ba0dc6f889533d97acc352379df718b8497
SHA2564e43484c262633dfc11564af870bdc3397806ccd4d2926da4e192e5452705d95
SHA512e0d4942b14e1a1a666a8ed17f3a2cd22aa9c8f6a9b7a21e84809886174bdd66ae7a43da9e931c3460dbfe179ae8c27583aaf8c75833e3abdee0af5c6a69e92d7
-
Filesize
342B
MD58aa9de370fc195a37c7534edf5987809
SHA176f9d26a72b3be20ec2475ca817938ea1d332f1e
SHA25674ae267c0fffdd64537626ae65b96b7e5c488c8e9b064d7ef301a348e8d87744
SHA5122f50e48131a8b6f0f1c648e03efa1dfe2ebabe11cab6ccdf659c97f410b5101990a8297e321067adf692dcc1db876ad0a6abf19fd7d16dd6126ec1d2cb4fba3b
-
Filesize
342B
MD50cbb55b0c664199fa36c72cd4e101384
SHA19eafda78e0c40a7b5655511f2077ccd9bf82c795
SHA25625da36e0165e08f988ffb84ca3f75001a5353c06e0fac8cdd8e332eb1adfa15c
SHA512c8d59d0f17c249a7c7575e078c0ecced45a13769c73664539c7840fc60f4858619a98b58cb25844b1716b2480f184950edf7d80e7e4fe8bf5c461e2c397b1766
-
Filesize
342B
MD524e2e2292208fa904a82b6ed574921f3
SHA1e76a2d6c29a10d0c0d9762ba1d0ea58fdbe41c52
SHA2564dbd7824ee237b10724a0160864d529db3beadfbf873601fde2f80b26967c15d
SHA512ace6fc798f0c944853cfb67eec1dcc52978bc74950ac66dd7bdf02468fcb507cc6530aebfb2c12614d83d3cdb0058080e12d4992f867eb619b13b449b9276619
-
Filesize
342B
MD577c91145a5b9a0608cdd3dd6a5374169
SHA1f56fac6b2e57bd7111b85683e366e0b4d3eadb35
SHA25618b5d8ff30d11ff9665aefb74a2d8f68a343c64f676acf836225819c392ce33f
SHA51204970a13d6e9d50cdd108ecef43c1b32b04a8c25762cbefcf7cd88b9c08b834b59f89899c84ef925b693245022297211c7b32437d8ad6bf52e5adfe871562854
-
Filesize
342B
MD5f747d3d916b09baf13b607886d4e5813
SHA1f8aa1d80da2147c64849a6d1a2054d53ecd0f013
SHA25639c167f31ccb878223c88af74766d76f912ea7583efb83dd342b5bd1692508cc
SHA51260db45796a7809bddd7662f2a35d5c6c8f2445fe91245b641ae4792a6990836684632be2d4a225f8330cee4e90c4047889bef046fdec00a0ff2a77585859ae6b
-
Filesize
342B
MD511c8606f6be1baf05a424ec07a4e535c
SHA19e1f9d935a1cbfff490be7df0ba7e08a59585b77
SHA2563d2ca0b3de116edac6b01b4f7c5200c6ab57f62eff76dbf4cb59dd2ac10ebf9c
SHA51268f32c8e83f4170ce36d069f8d4ed868d77de332e3373adb343d3b81f3a6632d7bdfbfee048aa3204e3a36eee1a0e46ebe47f3e9d0b2f78e54f0d95cdbbc0686
-
Filesize
342B
MD5aed25dc0d94381555a93871b6b74c3f5
SHA1bae0b305159f6e0439dc0f5a3fdd24de5ac3e87e
SHA256b86bd263c6c857700ae39d3c1b801fc1e586dda59e75f1eb9d3fa022330c9cae
SHA512fdd700ac99a56b1b5dd876a1386b3bc97f5d4a9741b0ffc2628614c8a4d2560c058ecd78d4dab1b3c99b3d3d8afa8189c4b6d447a40fe091d6bbb9527451ce4c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
635KB
MD57ea8ba033be9eab3f53e495a03695bab
SHA164ab6fa6aed9585c799587122889485586e44a30
SHA2567c23f62eeec9d5829f8b03a3174f546c6e17575c4c63deac3b7bccd9aeae1abf
SHA512d64bcf78124e7177d704515c5a5a0c833068b47f22b38a11423f0fd0551bda4c5c5bf1ee64fa16e24164c6060f69acb02bd22c41397659e4db1130cd7e8a0d57
-
Filesize
9.1MB
MD59d8a036f892283de6965e6adc9fe100f
SHA189891541cc0fef548e6436e9cf4226775fa50695
SHA256994325d15857439f23158702fc8d4b7287c362d64968c9611571c2f7f1711a30
SHA5128b59b33158f7763c43817c1f1f50fe449873d54ca39de1775fa7b93b9d338ac6dec7c2aaf15ced514abbb01c1a7472e64d0f747433153b9cce481252bfcfb437
-
Filesize
364KB
MD5baa212c720a3572e7e8730226f509b94
SHA1a23106237aef2806862344fdd94a0e2a850f043c
SHA256091241e84448bd81f7d9fef699bcf4f464282756f9099bf449b6a92d4d806792
SHA512cc11f86bd575686e66f3f7f2228e41e0d2f4c0e2ba1968c1412ba89e8fab2845a1d4a1682ddd570496e9c13197c651023cef598ed714405b104e3180d73c9a39
-
Filesize
1.8MB
MD5e5e64d479d95d197d230804c0cea51bd
SHA10d01bb9040be7f37c4347df9291966d063b73fac
SHA256a6b1c7aaf9e2385f381f0d451eae634ea3e97af061ce62415e65a34ea66ad7b8
SHA512592a0140b97c91aff814023e94d6c8e559391ea3ecc2ffa9049823f8f311ac728f0b44874206c71c200840a998d8966f801c49954e2184f43ac959489bf7abf7
-
Filesize
2.1MB
MD50e926327553bc9cda2f136059247d340
SHA11940e79d35c113536451458ca9f4f4185b70cf74
SHA2562abbbe52d1f5eb888964f4cbe42f435ac9bafed959681c46130250904886b2aa
SHA5127402a7783fed908c30eead0ded031f00a0f1278443d149a28110e0cb24edfd4feb055f5fccbdc271914eefaec7474c3f441aea2718a8a195159e815edc38e347
-
Filesize
66KB
MD5b140459077c7c39be4bef249c2f84535
SHA1c56498241c2ddafb01961596da16d08d1b11cd35
SHA2560598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67
SHA512fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
17KB
MD588ad3fd90fc52ac3ee0441a38400a384
SHA108bc9e1f5951b54126b5c3c769e3eaed42f3d10b
SHA256e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42
SHA512359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb
-
Filesize
590KB
MD55e7b6d45694667484527bbe6b21e942b
SHA1d2493673eef8137e52b4cf0485fe31104f2bab97
SHA256a897e3c5f9b01fe2a678098ac564751f39f3d9895f0f9387376f5bc817853d92
SHA512fffc38ae483d34aa46fd6b6c4950b35a7d01e1cb1ff40fe5c14fb8397e93b748bbd11b1c9ec0d5ce0a3265664a1fb6af2567d505c45c9f5fa19c91855e3a9979
-
Filesize
2.5MB
MD5c9b662b22270e0283292f7c26d9c22a4
SHA1b066559a9be00d9b1f6937f3956c4ee64dc4dc28
SHA256148f681f8282e77f33d7e7d6b6c31971f2f755f1ce0b56274a540d641755241c
SHA512b192e6461186a10e5a7f92b94c0613b21b714ea76b7e5ae74f11ec9dfd3e4000e70837140e60b2eacc58163c61fe4657e4adc11635e32660659db8881f2cc3c5
-
Filesize
4KB
-
Filesize
704KB
-
Filesize
704KB
-
Filesize
704KB
-
Filesize
704KB
-
Filesize
704KB
-
Filesize
704KB
-
Filesize
704KB
-
Filesize
616KB
-
Filesize
8KB
-
Filesize
616KB
-
Filesize
616KB
-
Filesize
616KB
-
Filesize
616KB
-
Filesize
4KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
104KB
-
Filesize
616KB
-
Filesize
704KB