Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
11-11-2021 20:33
General
-
Target
81fafd7864aff9c218af9d3f9771756b5d1140562d356a201a4e7e8195091dbf.exe
-
Size
584KB
-
MD5
4f5ba907fb7eded6df1f11d4f0cca37c
-
SHA1
b62e01c7c755bc5817704a94784f82af26cd6d8d
-
SHA256
81fafd7864aff9c218af9d3f9771756b5d1140562d356a201a4e7e8195091dbf
-
SHA512
1705a9e15562f72b33dcc82ec25ba20347c361dffb6b975496e985212040adc1e939e6ea1d64110c729e9fe0a26a741476451b364e13987ffd0e04e2c020d7ea
Score
10/10
Malware Config
Extracted
Family
raccoon
Version
1.8.3-hotfix
Botnet
4557a7b982bafcd677193713fa5041fa32e7e61e
Attributes
-
url4cnc
http://91.219.236.162/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept
http://193.38.54.238/agrybirdsgamerept
http://74.119.192.122/agrybirdsgamerept
http://91.219.236.240/agrybirdsgamerept
rc4.plain
rc4.plain
Signatures
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\81fafd7864aff9c218af9d3f9771756b5d1140562d356a201a4e7e8195091dbf.exe"C:\Users\Admin\AppData\Local\Temp\81fafd7864aff9c218af9d3f9771756b5d1140562d356a201a4e7e8195091dbf.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 9602⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2968-118-0x0000000002C06000-0x0000000002C55000-memory.dmpFilesize
316KB
-
memory/2968-119-0x0000000004820000-0x00000000048AF000-memory.dmpFilesize
572KB
-
memory/2968-120-0x0000000000400000-0x0000000002B8A000-memory.dmpFilesize
39.5MB