Overview

overview

10

Static

static

3

JaffaCakes...3a.exe

windows7-x64

3

JaffaCakes...3a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2025, 18:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_9084424159e638db3a727adc8c382a3a.exe

  • Size

    1.0MB

  • MD5

    9084424159e638db3a727adc8c382a3a

  • SHA1

    dda3efb1bb6317d8e01cf449ef925238ed7661e8

  • SHA256

    49b4b9c30d919d1ecf4f901b55fe8919543b2ac772bd3c392bdbbd925782d350

  • SHA512

    281e9f430d7268a225c6615129185a342033666fbf6a8f6977afd9039c49bae8e9201081897ddd694279c901cac2d79430e95f65a0eb314ce0b7b71676790f4c

  • SSDEEP

    24576:b11zIys+b2LikSnBPohHC6ND8CM/fkDmTeOt8JV:/fsBSnkC6a/cKTeL

Score
10/10
darkcometevo9discoverypersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

evo9

C2

benzin.no-ip.biz:101

Mutex

DC_MUTEX-67Y778R

Attributes
  • gencode

    7jY�m7/C145k

  • install

    false

  • offline_keylogger

    true

  • password

    1111

  • persistence

    false

rc4.plain

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9084424159e638db3a727adc8c382a3a.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9084424159e638db3a727adc8c382a3a.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5168
    • C:\Users\Admin\AppData\Roaming\Processname.exe
      C:\Users\Admin\AppData\Roaming\Processname.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4164
    • C:\Users\Admin\AppData\Roaming\Processname.exe
      C:\Users\Admin\AppData\Roaming\Processname.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4160
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\3 DEN VIDEO VREMENA.txt.sda.exe
    1⤵
      PID:464

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Processname.exe
      Filesize

      2KB

      MD5

      ad846e189dca2d7f91e65f36db8ae4e6

      SHA1

      3e48f1009087a28d598b9b4a8be3b16c1323e2a0

      SHA256

      bac8590d10b1ddb0df7cfaeaafbd011a82caf57de3bba0a5c40556c5f634c0f7

      SHA512

      f984e761a890460ce8e31f33017ecb4e268c478f215072d9920658c456ac56b0260d82fda50148252d6c7cb882d519dfaf38aa3814698c3f597f851af8588e3b

      Download Submit

    • memory/4160-26-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

      Download

    • memory/4160-11-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

      Download

    • memory/4160-19-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

      Download

    • memory/4160-14-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

      Download

    • memory/4164-27-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-29-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-18-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-6-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-16-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-54-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-52-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-24-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-23-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-22-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-50-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-21-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-30-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-10-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-48-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-32-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-34-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-36-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-38-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-40-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-42-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-44-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/4164-46-0x0000000000400000-0x00000000004B3000-memory.dmp

      Filesize

      716KB

      Download

    • memory/5168-0-0x0000000074882000-0x0000000074883000-memory.dmp

      Filesize

      4KB

      Download

    • memory/5168-2-0x0000000074880000-0x0000000074E31000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/5168-20-0x0000000074880000-0x0000000074E31000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/5168-1-0x0000000074880000-0x0000000074E31000-memory.dmp

      Filesize

      5.7MB

      Download