Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
15-11-2020 23:00
General
-
Target
b557b4af472ef5827704d4e22fcfc80751f4de5024a09b6d72c62827af963f9c.exe
-
Size
487KB
-
MD5
0a2025cfbd9c9fae89bb0163ec1fc8eb
-
SHA1
8b9d5262b31d8d0008765681a6e386597ce1b2e9
-
SHA256
b557b4af472ef5827704d4e22fcfc80751f4de5024a09b6d72c62827af963f9c
-
SHA512
7da2c4b7fdf12aef53bd4c8c6603530d84a7b5dde1f6d2ccbc8fa2a6da6d6e1aed405f3084a3933956c173720ead3b5278c6ff7791be7c06e13e660c0989b711
Score
10/10
Malware Config
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Program crash 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 84 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b557b4af472ef5827704d4e22fcfc80751f4de5024a09b6d72c62827af963f9c.exe"C:\Users\Admin\AppData\Local\Temp\b557b4af472ef5827704d4e22fcfc80751f4de5024a09b6d72c62827af963f9c.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 7402⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 8122⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 8922⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 8522⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 11882⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 12722⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/200-17-0x0000000005590000-0x0000000005591000-memory.dmpFilesize
4KB
-
memory/200-14-0x0000000005060000-0x0000000005061000-memory.dmpFilesize
4KB
-
memory/504-13-0x0000000004950000-0x0000000004951000-memory.dmpFilesize
4KB
-
memory/504-10-0x0000000004610000-0x0000000004611000-memory.dmpFilesize
4KB
-
memory/648-1-0x00000000012C0000-0x00000000012C1000-memory.dmpFilesize
4KB
-
memory/648-0-0x0000000000E1F000-0x0000000000E20000-memory.dmpFilesize
4KB
-
memory/1404-21-0x00000000058B0000-0x00000000058B1000-memory.dmpFilesize
4KB
-
memory/1404-18-0x0000000005080000-0x0000000005081000-memory.dmpFilesize
4KB
-
memory/2412-3-0x00000000049B0000-0x00000000049B1000-memory.dmpFilesize
4KB
-
memory/2412-5-0x0000000004EE0000-0x0000000004EE1000-memory.dmpFilesize
4KB
-
memory/2412-2-0x00000000049B0000-0x00000000049B1000-memory.dmpFilesize
4KB
-
memory/2724-22-0x0000000004610000-0x0000000004611000-memory.dmpFilesize
4KB
-
memory/2724-25-0x0000000004E40000-0x0000000004E41000-memory.dmpFilesize
4KB
-
memory/3768-9-0x00000000056E0000-0x00000000056E1000-memory.dmpFilesize
4KB
-
memory/3768-6-0x00000000051B0000-0x00000000051B1000-memory.dmpFilesize
4KB