Analysis
max time kernel: 101s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-02-2023 20:20
Static task
static1
Behavioral task
behavioral1
Sample: file.exe
Resource: win7-20220812-en (windows7-x64)
3 signatures, 150 seconds
Behavioral task
behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en (windows10-2004-x64)
3 signatures, 150 seconds
General
Target: file.exe
Size: 637KB
MD5: eca4feba04eccc06945fbf8473b47fb6
SHA1: 50de88877688aa47cbb51d775818e81cc0b2f5aa
SHA256: 952156fe6b02ba6087be739100138cf82bd4afbc0663212911a2307b8bdd0850
SHA512: 594b4d25928e62977a2ea26410b0376d1d86db91a1806f380565d7df936c7d291ee699f11f4fe08bf9fb5e50a37e91e48623276865f04cea8b010db140d21faa
SSDEEP: 12288:2mbEKu7il2hsPb+HT0qE8S6S7ztLHKNu+A+/1bBc9xJPmH5x+dvs+0vLCX1mCwQx:2mbEKu6e8b8vOztLHKNu+A+/1bWFPBS0
Score: 10/10
Malware Config
Extracted
Family: raccoon
Botnet: 79baa49d7baf0a462ea77cc305c9dc65
C2: http://78.47.92.58/
rc4.plain
Signatures
Suspicious use of SetThreadContext (1 IoC)
Processes:
description                              pid   process   target process
PID 4104 set thread context of 1152      4104  file.exe  file.exe
Suspicious use of WriteProcessMemory (8 IoCs)
Processes:
description                              pid   process   target process
PID 4104 wrote to memory of 1152         4104  file.exe  file.exe
PID 4104 wrote to memory of 1152         4104  file.exe  file.exe
PID 4104 wrote to memory of 1152         4104  file.exe  file.exe
PID 4104 wrote to memory of 1152         4104  file.exe  file.exe
PID 4104 wrote to memory of 1152         4104  file.exe  file.exe
PID 4104 wrote to memory of 1152         4104  file.exe  file.exe
PID 4104 wrote to memory of 1152         4104  file.exe  file.exe
PID 4104 wrote to memory of 1152         4104  file.exe  file.exe
Downloads
memory/1152-137-0x0000000000000000-mapping.dmp
memory/1152-138-0x0000000000400000-0x000000000041E000-memory.dmp  Filesize: 120KB
memory/1152-140-0x0000000000400000-0x000000000041E000-memory.dmp  Filesize: 120KB
memory/1152-141-0x0000000000400000-0x000000000041E000-memory.dmp  Filesize: 120KB
memory/1152-142-0x0000000000400000-0x000000000041E000-memory.dmp  Filesize: 120KB
memory/4104-132-0x0000000000180000-0x0000000000226000-memory.dmp  Filesize: 664KB
memory/4104-133-0x00000000051C0000-0x0000000005764000-memory.dmp  Filesize: 5.6MB
memory/4104-134-0x0000000004CB0000-0x0000000004D42000-memory.dmp  Filesize: 584KB
memory/4104-135-0x0000000004D50000-0x0000000004DEC000-memory.dmp  Filesize: 624KB
memory/4104-136-0x0000000004BA0000-0x0000000004BAA000-memory.dmp  Filesize: 40KB