Overview

overview

10

Static

static

winprofile

windows7_x64

10

winprofile

windows10_x64

10

Analysis

  • max time kernel
    307s
  • max time network
    347s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-06-2022 03:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6dfd4a12437cf38a4ecdb24891dbff464602fcbe435cf6c15a643637d7f4e1b0.exe

  • Size

    7.4MB

  • MD5

    7ecdf36bd30c2d9653ea31b6baf32910

  • SHA1

    b1d6c01c397924f2324091261bb4f29156a58f0a

  • SHA256

    6dfd4a12437cf38a4ecdb24891dbff464602fcbe435cf6c15a643637d7f4e1b0

  • SHA512

    1c3402096ab086239e39931c1587ab7c31172faf6307aad396683e0ea7ec6df24f7dbc1b2307fa099fe5d66c592864563217aced68bb9a106978d8b1086b2c88

Score
10/10

Malware Config

Signatures

  • Raccoon ver2 3 IoCs

    Raccoon ver2.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6dfd4a12437cf38a4ecdb24891dbff464602fcbe435cf6c15a643637d7f4e1b0.exe
    "C:\Users\Admin\AppData\Local\Temp\6dfd4a12437cf38a4ecdb24891dbff464602fcbe435cf6c15a643637d7f4e1b0.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1772-54-0x0000000000FF0000-0x0000000001B70000-memory.dmp

    Filesize

    11.5MB

    Download

  • memory/1772-56-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1772-57-0x0000000000FF0000-0x0000000001B70000-memory.dmp

    Filesize

    11.5MB

    Download

  • memory/1772-58-0x0000000000FF0000-0x0000000001B70000-memory.dmp

    Filesize

    11.5MB

    Download