Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
06-11-2020 10:43
General
-
Target
1b68d0fff62f32755d80f8238b8b3bc71e0a02aab90414d772a9a0f78b4b512a.exe
-
Size
485KB
-
MD5
c10a3232a0a71e2186f5b113bd2afc4c
-
SHA1
f43baba21a25fe819b8114e947ef18508bcf711e
-
SHA256
1b68d0fff62f32755d80f8238b8b3bc71e0a02aab90414d772a9a0f78b4b512a
-
SHA512
72c454ac19c8213cc160c0f307ef6a94a68fd49279cc38341f3bf384420e13710790b6711bcf2ba7555b6dc6cf78e1cd6c63750cff9fafe3b79bb8bd327cf07a
Score
10/10
Malware Config
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Program crash 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 84 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b68d0fff62f32755d80f8238b8b3bc71e0a02aab90414d772a9a0f78b4b512a.exe"C:\Users\Admin\AppData\Local\Temp\1b68d0fff62f32755d80f8238b8b3bc71e0a02aab90414d772a9a0f78b4b512a.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 7322⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 8122⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 8882⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 9282⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 11762⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 12322⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/192-17-0x0000000004B80000-0x0000000004B81000-memory.dmpFilesize
4KB
-
memory/192-14-0x0000000004550000-0x0000000004551000-memory.dmpFilesize
4KB
-
memory/496-6-0x0000000004A30000-0x0000000004A31000-memory.dmpFilesize
4KB
-
memory/636-1-0x00000000013D0000-0x00000000013D1000-memory.dmpFilesize
4KB
-
memory/636-0-0x0000000000E81000-0x0000000000E82000-memory.dmpFilesize
4KB
-
memory/2300-21-0x0000000005700000-0x0000000005701000-memory.dmpFilesize
4KB
-
memory/2300-18-0x0000000004D50000-0x0000000004D51000-memory.dmpFilesize
4KB
-
memory/2308-25-0x0000000004B50000-0x0000000004B51000-memory.dmpFilesize
4KB
-
memory/2308-22-0x0000000004220000-0x0000000004221000-memory.dmpFilesize
4KB
-
memory/3572-10-0x0000000004540000-0x0000000004541000-memory.dmpFilesize
4KB
-
memory/3572-13-0x0000000004A70000-0x0000000004A71000-memory.dmpFilesize
4KB
-
memory/4028-5-0x0000000005250000-0x0000000005251000-memory.dmpFilesize
4KB
-
memory/4028-3-0x0000000004D10000-0x0000000004D11000-memory.dmpFilesize
4KB
-
memory/4028-2-0x0000000004D10000-0x0000000004D11000-memory.dmpFilesize
4KB