Analysis

  • max time kernel
    0s
  • max time network
    2s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    29/03/2025, 19:05

General

  • Target

    JaffaCakes118_93b702eb9724c7807215f03a0d385972.exe

  • Size

    1.0MB

  • MD5

    93b702eb9724c7807215f03a0d385972

  • SHA1

    e88ca6933164506b90ce84c257b829b0712d1e5c

  • SHA256

    25fb0fd518f4ef665e5172858edcf8a5a1e2c3b3ebc652acb4c2d5db0aa11ffb

  • SHA512

    10d66002f12dafc978f04cab189f34592adf591e12ec8fe376b20e92eac4af16ce4f7077b5eb4da3c4e3e2314a7591cd6b5cf1cf4774353ddcfc1efdbf1c7d81

  • SSDEEP

    24576:y3nbWmJVJFwSddIXvfhqbiaxvRxq9t++RfQgcIyK:MamdZdcBYK++2/Ip

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

n3v3rm1nd.no-ip.biz:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    n%7hv#fmhy4.

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

rc4.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_93b702eb9724c7807215f03a0d385972.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_93b702eb9724c7807215f03a0d385972.exe"
    1⤵
      PID:2224
      • C:\Users\Admin\AppData\Local\Temp\2.exe
        "C:\Users\Admin\AppData\Local\Temp\2.exe"
        2⤵
          PID:1504
          • C:\Windows\MSDCSC\msdcsc.exe
            "C:\Windows\MSDCSC\msdcsc.exe"
            3⤵
              PID:2840

        Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\2.exe

          Filesize

          820KB

          MD5

          54aa80ff89470e969c4b6280dc44f4c9

          SHA1

          ecb64845601e6939a57503063f6173428337adde

          SHA256

          8b9b983fb01dce208871b4ea31064a244539b8d81ff462df8d1dda3dada5ea43

          SHA512

          8205eba0da482797a70aa3be6388f80e2850d2825388dff2a64250c9396b8912450143d6f475e81152d955eb25fd764a607cdd6762169ae41cfa73d79d81a76c

        • \Windows\MSDCSC\msdcsc.exe

          Filesize

          45KB

          MD5

          c4bf3304c2102d83a262f0cc925a7791

          SHA1

          49d99bd4b61f276890e1265d0205b6ac8b7836d4

          SHA256

          48c5f3182123bca0378eb49fbe998c555750c48790fa1c97b6bab3f01a9c108a

          SHA512

          bcf9c4bf711983853edccfb98b2de605fe2ea6c4da64e10e67f41876f7196975d5a6811c9f696a91a140f96d8cb40911c2111e76276352a874ce35cec53b3b57

        • memory/1504-13-0x0000000000260000-0x0000000000261000-memory.dmp

          Filesize

          4KB

        • memory/2224-0-0x000007FEF64CE000-0x000007FEF64CF000-memory.dmp

          Filesize

          4KB

        • memory/2224-4-0x00000000007E0000-0x00000000007F0000-memory.dmp

          Filesize

          64KB

        • memory/2224-3-0x000007FEF6210000-0x000007FEF6BAD000-memory.dmp

          Filesize

          9.6MB

        • memory/2224-10-0x000007FEF6210000-0x000007FEF6BAD000-memory.dmp

          Filesize

          9.6MB

        • memory/2224-12-0x000007FEF6210000-0x000007FEF6BAD000-memory.dmp

          Filesize

          9.6MB