Analysis
-
max time kernel
120s -
max time network
135s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
21-10-2021 21:51
General
-
Target
1de7604b0624601cdd60d79f15a882e912a3bfdd4c9ef220fa95e7bb350103b0.exe
-
Size
512KB
-
MD5
f367505aa21c0af4ce542306bc5f41fe
-
SHA1
15b2716c8abaf88d6b268271538a6cbb1148b933
-
SHA256
1de7604b0624601cdd60d79f15a882e912a3bfdd4c9ef220fa95e7bb350103b0
-
SHA512
32b40e45d02c240dc4a4c19699fe96d653e48dd2fedcc36690f869303aefacba417cc2756a293b8108ad086ff6ab6e5444a4d49794819a64c0245a75d12059d8
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
ac738e6383a48d6a74aeab7c52ebcd50f76032ee
Attributes
-
url4cnc
http://telegka.top/jdiamond13
http://telegin.top/jdiamond13
https://t.me/jdiamond13
rc4.plain
rc4.plain
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1de7604b0624601cdd60d79f15a882e912a3bfdd4c9ef220fa95e7bb350103b0.exe"C:\Users\Admin\AppData\Local\Temp\1de7604b0624601cdd60d79f15a882e912a3bfdd4c9ef220fa95e7bb350103b0.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 9602⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4088-116-0x00000000031D0000-0x000000000325E000-memory.dmpFilesize
568KB
-
memory/4088-115-0x0000000002F50000-0x000000000309A000-memory.dmpFilesize
1.3MB
-
memory/4088-117-0x0000000000400000-0x0000000002F47000-memory.dmpFilesize
43.3MB