Overview

overview

10

Static

static

3

OriginalBuild.exe

windows7-x64

1

OriginalBuild.exe

windows10-1703-x64

10

OriginalBuild.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows10-1703_x64
  • resource
    win10-20230621-en
  • resource tags

    arch:x64arch:x86image:win10-20230621-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-06-2023 15:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OriginalBuild.exe

  • Size

    287KB

  • MD5

    29fbc03a62b38c10517ee8106f72f009

  • SHA1

    cf4f3a601b017bcf326224cd4350495f5a3fce4e

  • SHA256

    9fab5219010d1d94f0543a2425b0371625993342e587885cc6f06b10ef6fdae5

  • SHA512

    0364d326939331058c95ddadd609a947f450b8f1f290756ed39d94d0c82d7f2259317c11a2e5c367f0855606b895c3865dfdcec42f2e9dd4b06ca4e10c6d5054

  • SSDEEP

    6144:ZubqeBN9wzg4BVrUCOhPHf54oYePocjkRSZcJT:ZNEYOh/jwc1ZmT

Score
10/10
raccoonstealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer payload 3 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 27 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OriginalBuild.exe
    "C:\Users\Admin\AppData\Local\Temp\OriginalBuild.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3752
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
        C:\Windows\Microsoft.NET/Framework/v4.0.30319/aspnet_compiler.exe
        3⤵
          PID:3620

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uchtkmtm.x11.ps1
      Filesize

      1B

      MD5

      c4ca4238a0b923820dcc509a6f75849b

      SHA1

      356a192b7913b04c54574d18c28d46e6395428ab

      SHA256

      6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

      SHA512

      4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

      Download Submit

    • memory/1864-120-0x00000000005B0000-0x00000000005FC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1864-121-0x00000000052B0000-0x00000000057AE000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/1864-122-0x0000000004E90000-0x0000000004F22000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1864-123-0x0000000004FF0000-0x0000000005000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1864-124-0x0000000004E30000-0x0000000004E3A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3620-204-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/3620-202-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/3620-200-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/3752-136-0x0000000008860000-0x00000000088AB000-memory.dmp

      Filesize

      300KB

      Download

    • memory/3752-191-0x000000000AD70000-0x000000000B3E8000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/3752-133-0x0000000008430000-0x0000000008496000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3752-134-0x00000000084D0000-0x0000000008820000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/3752-135-0x0000000008840000-0x000000000885C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/3752-131-0x00000000080D0000-0x00000000080F2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/3752-130-0x0000000005000000-0x0000000005010000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3752-155-0x0000000008CD0000-0x0000000008D0C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3752-186-0x0000000009990000-0x0000000009A06000-memory.dmp

      Filesize

      472KB

      Download

    • memory/3752-132-0x0000000008350000-0x00000000083B6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3752-192-0x000000000A720000-0x000000000A73A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3752-193-0x0000000005000000-0x0000000005010000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3752-194-0x000000000AAC0000-0x000000000AAEE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3752-197-0x0000000005000000-0x0000000005010000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3752-198-0x0000000005000000-0x0000000005010000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3752-199-0x000000000ACB0000-0x000000000ACD2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/3752-129-0x0000000005000000-0x0000000005010000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3752-128-0x0000000007A60000-0x0000000008088000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/3752-127-0x00000000073F0000-0x0000000007426000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3752-203-0x0000000005000000-0x0000000005010000-memory.dmp

      Filesize

      64KB

      Download