Analysis
-
max time kernel
16s -
max time network
142s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
08-11-2020 17:44
General
-
Target
fa882656b3c12487dcc6f9e1c53bd114d98e52b95d6fe0ddd95c53713bf12341.exe
-
Size
514KB
-
MD5
1c43492c0cc66c8377ee32afea32ca95
-
SHA1
75e62855d149c769a2f966b8cc79c3ccdcad7ba5
-
SHA256
fa882656b3c12487dcc6f9e1c53bd114d98e52b95d6fe0ddd95c53713bf12341
-
SHA512
3e8749de4d25f2ae7855ae4b8736d6cb864dff79216422dd67cad14dabeadce2e8807ea78d9b72d8c70d44438d14f8fb15df5375f780d04116f26d6237ef784c
Score
10/10
Malware Config
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Program crash 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 84 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fa882656b3c12487dcc6f9e1c53bd114d98e52b95d6fe0ddd95c53713bf12341.exe"C:\Users\Admin\AppData\Local\Temp\fa882656b3c12487dcc6f9e1c53bd114d98e52b95d6fe0ddd95c53713bf12341.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 7402⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 8522⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 7162⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 8722⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 11922⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 11682⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/552-25-0x00000000050C0000-0x00000000050C1000-memory.dmpFilesize
4KB
-
memory/552-22-0x0000000004810000-0x0000000004811000-memory.dmpFilesize
4KB
-
memory/724-6-0x00000000043B0000-0x00000000043B1000-memory.dmpFilesize
4KB
-
memory/724-9-0x00000000049E0000-0x00000000049E1000-memory.dmpFilesize
4KB
-
memory/3300-10-0x0000000004E10000-0x0000000004E11000-memory.dmpFilesize
4KB
-
memory/3548-3-0x0000000004C70000-0x0000000004C71000-memory.dmpFilesize
4KB
-
memory/3548-5-0x00000000051A0000-0x00000000051A1000-memory.dmpFilesize
4KB
-
memory/3548-2-0x0000000004C70000-0x0000000004C71000-memory.dmpFilesize
4KB
-
memory/4028-14-0x0000000005000000-0x0000000005001000-memory.dmpFilesize
4KB
-
memory/4028-17-0x0000000005430000-0x0000000005431000-memory.dmpFilesize
4KB
-
memory/4228-18-0x0000000004AE0000-0x0000000004AE1000-memory.dmpFilesize
4KB
-
memory/4228-21-0x0000000005390000-0x0000000005391000-memory.dmpFilesize
4KB
-
memory/4708-0-0x0000000002446000-0x0000000002447000-memory.dmpFilesize
4KB
-
memory/4708-1-0x00000000042C0000-0x00000000042C1000-memory.dmpFilesize
4KB