Analysis
-
max time kernel
63s -
max time network
135s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
20-10-2021 21:13
General
-
Target
f22759e8354d5cfd58305df166bd03b0d1fa2bd8620e5187d6bb558ffdba830d.exe
-
Size
590KB
-
MD5
2ca517b1c478287527fe49295f6adf1b
-
SHA1
6638fa213eec364356bd7f5eb153a20435d5e2a3
-
SHA256
f22759e8354d5cfd58305df166bd03b0d1fa2bd8620e5187d6bb558ffdba830d
-
SHA512
4dd0ff51f90ef48ae91a672bdd211d25da059f8abd17ce2b69250090225a2c87c399cee0f65c71d8551e624e479d96ab12783345f32722afe4af1e65c5892e7d
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
887a0ffaca448362277f2227182491216b734133
Attributes
-
url4cnc
http://telegka.top/jdiamond13
http://telegin.top/jdiamond13
https://t.me/jdiamond13
rc4.plain
rc4.plain
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f22759e8354d5cfd58305df166bd03b0d1fa2bd8620e5187d6bb558ffdba830d.exe"C:\Users\Admin\AppData\Local\Temp\f22759e8354d5cfd58305df166bd03b0d1fa2bd8620e5187d6bb558ffdba830d.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 9362⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2136-115-0x0000000003011000-0x0000000003060000-memory.dmpFilesize
316KB
-
memory/2136-117-0x0000000000400000-0x0000000002DEA000-memory.dmpFilesize
41.9MB
-
memory/2136-116-0x0000000002ED0000-0x000000000301A000-memory.dmpFilesize
1.3MB