Analysis
-
max time kernel
13s -
max time network
111s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
13-11-2020 16:07
General
-
Target
31ebf70c0732a64c43694b730caf77fc855ae295cfd747a665587506de4ae0a0.exe
-
Size
514KB
-
MD5
63bcd749000a7943d6264ac1e6ef6676
-
SHA1
52e89ce2ecbeb58ee3bba1b14967aed5a6e88801
-
SHA256
31ebf70c0732a64c43694b730caf77fc855ae295cfd747a665587506de4ae0a0
-
SHA512
fa6d594291a7919de28974f5b4f1bf2e92877b68aa91d773efe0f2b8ca25b78061b7a2c401bed558b721783d86759305ef65d62d5b054abf265c683c0d02e169
Score
10/10
Malware Config
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Program crash 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 70 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\31ebf70c0732a64c43694b730caf77fc855ae295cfd747a665587506de4ae0a0.exe"C:\Users\Admin\AppData\Local\Temp\31ebf70c0732a64c43694b730caf77fc855ae295cfd747a665587506de4ae0a0.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 7402⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 8522⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 7402⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 7282⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 11922⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1308-79-0x00000000051B0000-0x00000000051B1000-memory.dmpFilesize
4KB
-
memory/1308-78-0x0000000004CC0000-0x0000000004CC1000-memory.dmpFilesize
4KB
-
memory/1308-75-0x00000000048C0000-0x00000000048C1000-memory.dmpFilesize
4KB
-
memory/1924-67-0x00000000041C0000-0x00000000041C1000-memory.dmpFilesize
4KB
-
memory/1924-70-0x0000000004700000-0x0000000004701000-memory.dmpFilesize
4KB
-
memory/2308-3-0x0000000004360000-0x0000000004361000-memory.dmpFilesize
4KB
-
memory/2308-5-0x0000000004790000-0x0000000004791000-memory.dmpFilesize
4KB
-
memory/2308-2-0x0000000004360000-0x0000000004361000-memory.dmpFilesize
4KB
-
memory/2504-10-0x00000000047E0000-0x00000000047E1000-memory.dmpFilesize
4KB
-
memory/2504-6-0x00000000043B0000-0x00000000043B1000-memory.dmpFilesize
4KB
-
memory/3760-61-0x00000000047E0000-0x00000000047E1000-memory.dmpFilesize
4KB
-
memory/3760-64-0x0000000004D10000-0x0000000004D11000-memory.dmpFilesize
4KB
-
memory/4004-71-0x0000000004360000-0x0000000004361000-memory.dmpFilesize
4KB
-
memory/4004-0-0x0000000002566000-0x0000000002567000-memory.dmpFilesize
4KB
-
memory/4004-1-0x0000000004260000-0x0000000004261000-memory.dmpFilesize
4KB