Analysis
-
max time kernel
114s -
max time network
124s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
02-11-2021 20:31
General
-
Target
a4fd59098277d72eb33c312e8452857e7c982c44eb92271106ef327a5e3f679a.exe
-
Size
424KB
-
MD5
b1864d00567198afd607a4f516206069
-
SHA1
cba39325bde67688cb0b1b32b0f98fdc44bdea82
-
SHA256
a4fd59098277d72eb33c312e8452857e7c982c44eb92271106ef327a5e3f679a
-
SHA512
8fdf19ba56fa57f4a4c658d95eb4cf3fa013d42892066b5f9f3b7725d541b567077d2aec2b2caac349279681f6e8a6024c5da10d44c05c1e750450f748fd269f
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
68e2d75238f7c69859792d206401b6bde2b2515c
Attributes
-
url4cnc
http://telegalive.top/agrybirdsgamerept
http://toptelete.top/agrybirdsgamerept
http://telegraf.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept
rc4.plain
rc4.plain
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a4fd59098277d72eb33c312e8452857e7c982c44eb92271106ef327a5e3f679a.exe"C:\Users\Admin\AppData\Local\Temp\a4fd59098277d72eb33c312e8452857e7c982c44eb92271106ef327a5e3f679a.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 12282⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2732-115-0x0000000002110000-0x000000000215E000-memory.dmpFilesize
312KB
-
memory/2732-116-0x0000000002160000-0x00000000021EE000-memory.dmpFilesize
568KB
-
memory/2732-117-0x0000000000400000-0x0000000000491000-memory.dmpFilesize
580KB