Analysis
-
max time kernel
102s -
max time network
136s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
17-04-2021 19:42
General
-
Target
SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe
-
Size
576KB
-
MD5
65e4738a2f6efef7cbaedd8b8796d412
-
SHA1
b8f47d8831f5a3caee60481e2e575c67cd0f28a2
-
SHA256
20c9ffeb623d11467dd18264df210fc313a19e5fa17a77738aba5f0d430d7ac0
-
SHA512
9d91ad3f39e68f7d94c9452a231f7043fbf7f6da8096523158c179c43f16de68017a866b106e847746fe776565263fc07973abe1b940f8a7be79f3da62ae0683
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
fe080c9bfcbe54ed632d9562ae158e815dbdc717
Attributes
-
url4cnc
https://telete.in/jdiamond13
rc4.plain
rc4.plain
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 11642⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/904-114-0x0000000003F40000-0x000000000408A000-memory.dmpFilesize
1.3MB
-
memory/904-115-0x0000000000400000-0x0000000003DF6000-memory.dmpFilesize
58.0MB