86ffdda11652f7e00c5fc21eb9f2e97cad4453b5e467501bb1207d3ebb7781ea

Analysis

max time kernel
299s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2025, 10:20

Target

Darkcomet RAT 5.3.1/skins/mxskin50.skn
Size

33KB
MD5

90f39e32063cf0c53e3301054ef44123
SHA1

5b7729942c91adbcb3e07c7b6605032f3698cfd4
SHA256

6e6a66c668f9fc4909077a640b095021318daa2d76fdaec3ddc3e01e120f7792
SHA512

90f46e2f989ff0572a4a488ed64038c42d674cb48643c58ac83d56e7b39d50f7c8a3071ad290af05566a22b66b1f04e4fcfd51dfe94c333ff680106a009c990e
SSDEEP

768:5lNEcnq0lHNf8BTbMyRU3jb5XVvoU7t2j5uXRP39Qm:5lNEylhGbMyi3P5XR/t2j4XV33

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1388	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\skins\mxskin50.skn"
1⤵
- Modifies registry class
PID:4100

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact