Analysis
-
max time kernel
149s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
submitted
23/03/2025, 18:37
Behavioral task
behavioral1
Sample
JaffaCakes118_87d508a22f47c97a5b2ec61236f99b00.exe
Resource
win7-20240903-en
4 signatures
150 seconds
General
-
Target
JaffaCakes118_87d508a22f47c97a5b2ec61236f99b00.exe
-
Size
745KB
-
MD5
87d508a22f47c97a5b2ec61236f99b00
-
SHA1
9bb0875720b1e722f10dd2c0ff79bef8b49cb84a
-
SHA256
2f86db7106f852e5f02043136c7160989d6c817eed76000a253ad75cc7cfcf8c
-
SHA512
797263419b5ea8ec65b723812252267141b36b59cedf0b3259690b3848767650b3b354541fa746c3639c400b02459d87bf7b1762c8c58679a3fec0594015f688
-
SSDEEP
12288:c6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfh:xAmBpVKHu0Mu9Xo20VGLVP5
Malware Config
Extracted
Family
darkcomet
Botnet
test
C2
127.0.0.1:1604
Mutex
DC_MUTEX-7GHRCRH
Attributes
-
gencode
VKLv�aC*TpMc
-
install
false
-
offline_keylogger
false
-
persistence
false
rc4.plain
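How the fields above come out of the binary, as an added example that is not part of the sandbox's report: DarkComet 5 keeps its settings in a DCDATA resource made of KEY={HEX} lines, where each braced value is the RC4 ciphertext of the setting, hex-encoded, under a version-specific key (the "rc4.plain" attribute above refers to that cipher). The script below implements RC4, decrypts such a blob, and maps the decrypted keys onto the report's field names. Assumptions, none of which come from the report: the key "#KCMDDC51#-890" is the published DarkComet 5.1 default; the resource blob is constructed from the report's values rather than dumped from this sample; and the mapping of INSTALL, OFFLINEK and PERSINST to the install, offline_keylogger and persistence flags is an interpretation. It also flags the loopback C2, which together with the botnet id "test" points to a builder-default test build rather than a live deployment.

```python
"""Added example: decrypt a DarkComet 5-style DCDATA config blob.

Not part of the sandbox report. Assumptions: RC4 key is the published
DarkComet 5.1 default (other builds use other strings), each braced value is
RC4-encrypted and hex-encoded, and the sample blob below is constructed from
the report's fields, not extracted from this binary.
"""
import re

DC51_KEY = b"#KCMDDC51#-890"   # assumed key for this example


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


LINE_RE = re.compile(rb"^([A-Z0-9]+)=\{([0-9A-Fa-f]*)\}$")


def decode_dcdata(blob: bytes, key: bytes = DC51_KEY) -> dict:
    """Parse KEY={HEX} lines, RC4-decrypt each value, return a dict."""
    cfg = {}
    for raw in blob.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner and blank lines carry no settings
        name, hexval = m.group(1).decode(), m.group(2).decode()
        # latin-1 keeps odd bytes (e.g. a gencode) without raising
        cfg[name] = rc4(key, bytes.fromhex(hexval)).decode("latin-1")
    return cfg


def encode_dcdata(fields: dict, key: bytes = DC51_KEY) -> bytes:
    """Inverse of decode_dcdata; used only to build the constructed sample."""
    lines = [b"#BEGIN DARKCOMET DATA --"]
    for name, value in fields.items():
        ct = rc4(key, value.encode("latin-1")).hex().upper().encode()
        lines.append(name.encode() + b"={" + ct + b"}")
    lines.append(b"#EOF DARKCOMET DATA --")
    return b"\r\n".join(lines)


# Constructed blob mirroring the report's extracted values (assumed key names).
SAMPLE_DCDATA = encode_dcdata({
    "MUTEX": "DC_MUTEX-7GHRCRH",
    "SID": "test",
    "NETDATA": "127.0.0.1:1604",
    "INSTALL": "0",
    "OFFLINEK": "0",
    "PERSINST": "0",
})


def summarize(cfg: dict) -> dict:
    """Map decrypted keys to the report's field names and flag a loopback C2."""
    host, _, _port = cfg.get("NETDATA", "").partition(":")
    return {
        "mutex": cfg.get("MUTEX"),
        "botnet": cfg.get("SID"),
        "c2": cfg.get("NETDATA"),
        "c2_is_loopback": host.startswith("127."),
        "install": cfg.get("INSTALL") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
        "persistence": cfg.get("PERSINST") == "1",
    }


if __name__ == "__main__":
    print(summarize(decode_dcdata(SAMPLE_DCDATA)))
```

To use it on a real sample, dump the DCDATA RCDATA resource with a PE parser and pass the bytes to decode_dcdata; if every value decrypts to garbage, the build uses a different key and the key assumption is what to revisit first.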
Signatures
-
Darkcomet family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host. On its own this is weak evidence: localization code and language runtimes read the same key during start-up, so the read matters mainly in combination with the other signatures on this page.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: JaffaCakes118_87d508a22f47c97a5b2ec61236f99b00.exe
Suspicious use of AdjustPrivilegeToken 24 IoCs
All 24 IoCs come from pid 3024 (JaffaCakes118_87d508a22f47c97a5b2ec61236f99b00.exe), which adjusted the following privileges in its own token. The last four entries are privilege LUIDs that the sandbox reports by number rather than by name.
Token: SeIncreaseQuotaPrivilege
Token: SeSecurityPrivilege
Token: SeTakeOwnershipPrivilege
Token: SeLoadDriverPrivilege
Token: SeSystemProfilePrivilege
Token: SeSystemtimePrivilege
Token: SeProfSingleProcessPrivilege
Token: SeIncBasePriorityPrivilege
Token: SeCreatePagefilePrivilege
Token: SeBackupPrivilege
Token: SeRestorePrivilege
Token: SeShutdownPrivilege
Token: SeDebugPrivilege
Token: SeSystemEnvironmentPrivilege
Token: SeChangeNotifyPrivilege
Token: SeRemoteShutdownPrivilege
Token: SeUndockPrivilege
Token: SeManageVolumePrivilege
Token: SeImpersonatePrivilege
Token: SeCreateGlobalPrivilege
Token: 33
Token: 34
Token: 35
Token: 36
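A way to triage this signature in bulk, as an added example that is not part of the sandbox's output: the sandbox emits the 24 IoCs as one run of "Token: <privilege> <pid> <process>" triples, leaves privileges above SeCreateGlobalPrivilege as bare LUID numbers, and does not say whether the process enabled a handful of privileges or essentially all of them. The script below re-parses that run, resolves LUIDs 33 to 36 with the constants from winnt.h, groups by pid, and flags the "enable everything available" pattern that DarkComet and other Delphi-era RATs show at start-up. The input line is the report's own list reassembled in the sandbox's format; the HIGH_IMPACT set and the threshold of 10 are this example's choices, not values from the report.

```python
"""Added example: triage a sandbox's AdjustPrivilegeToken IoC list.

Not part of the sandbox report. Re-parses the flattened "Token: <priv> <pid>
<process>" run, resolves numeric LUIDs, and flags a process that enables a
broad set of privileges in one go.
"""
import re
from collections import defaultdict

# winnt.h values for the entries the sandbox reports only by number.
LUID_NAMES = {
    33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege",
    35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

# Triage choice for this example: privileges worth calling out by name.
HIGH_IMPACT = {
    "SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTakeOwnershipPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeImpersonatePrivilege",
}

TOKEN_RE = re.compile(r"Token:\s+(Se\w+Privilege|\d+)\s+(\d+)\s+(\S+)")

PROC = "JaffaCakes118_87d508a22f47c97a5b2ec61236f99b00.exe"
# The 24 privileges listed in the report, in the order the sandbox gave them.
PRIVS_FROM_REPORT = [
    "SeIncreaseQuotaPrivilege", "SeSecurityPrivilege", "SeTakeOwnershipPrivilege",
    "SeLoadDriverPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
    "SeProfSingleProcessPrivilege", "SeIncBasePriorityPrivilege",
    "SeCreatePagefilePrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
    "SeShutdownPrivilege", "SeDebugPrivilege", "SeSystemEnvironmentPrivilege",
    "SeChangeNotifyPrivilege", "SeRemoteShutdownPrivilege", "SeUndockPrivilege",
    "SeManageVolumePrivilege", "SeImpersonatePrivilege", "SeCreateGlobalPrivilege",
    "33", "34", "35", "36",
]
# Reassembled into the single line the sandbox emits (pid 3024 per the report).
REPORT_LINE = " ".join(f"Token: {p} 3024 {PROC}" for p in PRIVS_FROM_REPORT)


def parse_tokens(line: str):
    """Yield (privilege, pid, process) with numeric LUIDs resolved to names."""
    for priv, pid, proc in TOKEN_RE.findall(line):
        if priv.isdigit():
            priv = LUID_NAMES.get(int(priv), f"LUID-{priv}")
        yield priv, int(pid), proc


def triage(line: str, threshold: int = 10) -> list:
    """Group adjustments by pid and flag the enable-everything pattern."""
    by_pid = defaultdict(set)
    proc_of = {}
    for priv, pid, proc in parse_tokens(line):
        by_pid[pid].add(priv)
        proc_of[pid] = proc
    return [
        {
            "pid": pid,
            "process": proc_of[pid],
            "count": len(privs),
            "high_impact": sorted(privs & HIGH_IMPACT),
            "enable_all_pattern": len(privs) >= threshold,
        }
        for pid, privs in by_pid.items()
    ]


if __name__ == "__main__":
    for verdict in triage(REPORT_LINE):
        print(verdict)
```

The count of distinct privileges per pid is the useful number: a legitimate installer enabling SeBackupPrivilege and SeRestorePrivilege is routine, while a process that walks the whole privilege list and enables every one it holds is the behaviour this signature is meant to catch.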