Analysis
max time kernel: 108s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-02-2023 20:48
Static task: static1
Behavioral task: behavioral1
  Sample: Setup.exe
  Resource: win7-20220812-en (windows7-x64)
  3 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: Setup.exe
  Resource: win10v2004-20220812-en (windows10-2004-x64)
  3 signatures, 150 seconds
General
Target: Setup.exe
Size: 464.2MB
MD5: b7acc6f593be4c46139172e407cd8a31
SHA1: c5da8ad87b48c9fb91737adcecb96c2b8f080d3f
SHA256: 51f5d6c6f04596d1911c8b8c400b4c358f31c24f68e15a88b92532d96350f2b2
SHA512: 0462ad8c7da7bad9b9a6e4c1814b12f78c7b927fe29265ef4ae5f7569930aebbe683bad6b206fcea2591b3d37031cf67cef64bdeb5de90edcf92c2caa3894827
SSDEEP: 24576:0H/uo6PLM7WzcR9IMfmBm8Cvbgu7hkLXsZyJp:a104RjOt8A86
Score: 10/10
Malware Config
Extracted
Family: raccoon
Botnet: 697fc5d9af6aa2a29510779d2fc54b97
C2: http://83.217.11.27/, http://83.217.11.28/
rc4.plain
Signatures
Suspicious use of SetThreadContext (1 IoC)
Processes:
description | pid | process | target process
PID 2620 set thread context of 1340 | 2620 | Setup.exe | Setup.exe
Suspicious use of WriteProcessMemory (8 IoCs)
Processes:
description | pid | process | target process
PID 2620 wrote to memory of 1340 | 2620 | Setup.exe | Setup.exe (this row is repeated 8 times)
Downloads
memory/1340-137-0x0000000000000000-mapping.dmp
memory/1340-138-0x0000000000400000-0x000000000041E000-memory.dmp (120KB)
memory/1340-140-0x0000000000400000-0x000000000041E000-memory.dmp (120KB)
memory/1340-141-0x0000000000400000-0x000000000041E000-memory.dmp (120KB)
memory/2620-132-0x0000000000670000-0x0000000000792000-memory.dmp (1.1MB)
memory/2620-133-0x0000000005630000-0x0000000005BD4000-memory.dmp (5.6MB)
memory/2620-134-0x0000000005140000-0x00000000051D2000-memory.dmp (584KB)
memory/2620-135-0x0000000005280000-0x000000000531C000-memory.dmp (624KB)
memory/2620-136-0x0000000005130000-0x000000000513A000-memory.dmp (40KB)