Overview

overview

10

Static

static

10

43f13ec00b...08.exe

windows7-x64

10

43f13ec00b...08.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21-03-2023 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43f13ec00b6df87637b5863be3ffe01fc85947a8918f567c1713dd8a4d6ba908.exe

  • Size

    8.4MB

  • MD5

    dcbe1dec97959e20853fd760b6900c01

  • SHA1

    e8429524690350ca306badc5db81fa1e4c8becf1

  • SHA256

    43f13ec00b6df87637b5863be3ffe01fc85947a8918f567c1713dd8a4d6ba908

  • SHA512

    c27b6f7d2d15228dd7bf5ffb996b4e4c800758114fad653ea6107605b23d73184b78ef410eee422ea5668a431c949c913ae17ded5de2760f61b436336436b013

  • SSDEEP

    98304:AnEzmlSLRyvNFTeM9jgDubUynvFq5xS8Rr7pLfZNlT3/Msj:AES2Ryv/TU6bnvARr77/Msj

Score
10/10
raccoonstealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • .NET Reactor proctector 36 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43f13ec00b6df87637b5863be3ffe01fc85947a8918f567c1713dd8a4d6ba908.exe
    "C:\Users\Admin\AppData\Local\Temp\43f13ec00b6df87637b5863be3ffe01fc85947a8918f567c1713dd8a4d6ba908.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
        PID:1824

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/628-54-0x0000000000CE0000-0x0000000001556000-memory.dmp

      Filesize

      8.5MB

      Download

    • memory/628-55-0x00000000003F0000-0x000000000047E000-memory.dmp

      Filesize

      568KB

      Download

    • memory/628-57-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-59-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-56-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-61-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-63-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-65-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-67-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-71-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-70-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/628-73-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-69-0x000000001B590000-0x000000001B610000-memory.dmp

      Filesize

      512KB

      Download

    • memory/628-75-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-77-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-79-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-81-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-83-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-85-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-87-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-89-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-91-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-93-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-95-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-97-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-99-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-101-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-103-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-105-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-107-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-109-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-111-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-113-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-115-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-117-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-119-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-121-0x00000000003F0000-0x0000000000478000-memory.dmp

      Filesize

      544KB

      Download

    • memory/628-1522-0x0000000000A10000-0x0000000000A11000-memory.dmp

      Filesize

      4KB

      Download