Analysis
-
max time kernel
106s -
max time network
125s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
08-11-2020 17:44
General
-
Target
0a960704c8bcb0ed112cfe822f2ddb664669ffbddbdc936eb57976949db0faf9.exe
-
Size
485KB
-
MD5
0188db2bc266f5a2ed558ead41ef284d
-
SHA1
3450f799120b5b03e24dd12224b162902c54b8a8
-
SHA256
0a960704c8bcb0ed112cfe822f2ddb664669ffbddbdc936eb57976949db0faf9
-
SHA512
920a3674f21162027553d398c66c808e283ea25990c6ef8852ed1265c2a85759322b5f0cc0355cca16a19abf89c30c616e476a336edfa4bafb238da59eb6b4b9
Score
10/10
Malware Config
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Program crash 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 84 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a960704c8bcb0ed112cfe822f2ddb664669ffbddbdc936eb57976949db0faf9.exe"C:\Users\Admin\AppData\Local\Temp\0a960704c8bcb0ed112cfe822f2ddb664669ffbddbdc936eb57976949db0faf9.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 7362⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 8202⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 8242⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 8962⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 11882⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 12002⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/712-13-0x0000000005780000-0x0000000005781000-memory.dmpFilesize
4KB
-
memory/712-10-0x0000000005050000-0x0000000005051000-memory.dmpFilesize
4KB
-
memory/1752-6-0x0000000004B40000-0x0000000004B41000-memory.dmpFilesize
4KB
-
memory/1752-9-0x0000000004F80000-0x0000000004F81000-memory.dmpFilesize
4KB
-
memory/1780-3-0x0000000004930000-0x0000000004931000-memory.dmpFilesize
4KB
-
memory/1780-5-0x0000000005060000-0x0000000005061000-memory.dmpFilesize
4KB
-
memory/1780-2-0x0000000004930000-0x0000000004931000-memory.dmpFilesize
4KB
-
memory/2056-22-0x0000000004CD0000-0x0000000004CD1000-memory.dmpFilesize
4KB
-
memory/2056-25-0x0000000005680000-0x0000000005681000-memory.dmpFilesize
4KB
-
memory/2208-0-0x0000000000C92000-0x0000000000C93000-memory.dmpFilesize
4KB
-
memory/2208-1-0x00000000013C0000-0x00000000013C1000-memory.dmpFilesize
4KB
-
memory/2804-14-0x0000000004180000-0x0000000004181000-memory.dmpFilesize
4KB
-
memory/2804-17-0x00000000048B0000-0x00000000048B1000-memory.dmpFilesize
4KB
-
memory/3944-18-0x0000000004180000-0x0000000004181000-memory.dmpFilesize
4KB
-
memory/3944-21-0x00000000049B0000-0x00000000049B1000-memory.dmpFilesize
4KB