raccoon | 50ca22bad815ec837e9145bb7322e13989f2dd16a236268627d9098df28e68ba

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
17-11-2023 13:27

Target

66b045bac49f6e2c487b456981cc6477.exe
Size

473KB
MD5

66b045bac49f6e2c487b456981cc6477
SHA1

834524ab40413290c9ce6d16b9deaa443e3fe307
SHA256

50ca22bad815ec837e9145bb7322e13989f2dd16a236268627d9098df28e68ba
SHA512

da9ab9797dfecdeb4318a122a4acbcaa7c60899b36eb63bfa4cd1a1710f00e3e45edc25b84a5b651673f72b93d4be7222d6e203fcc30f9b330b5f1f4dd9a7219
SSDEEP

12288:Z0y/kAtFncvbzomo4mJy9xDqLh+a4dEs+N:ZT/kAtdcvIim2DqAa42s+N

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2172-10-0x0000000000400000-0x0000000000416000-memory.dmp	family_raccoon
behavioral1/memory/2172-13-0x0000000000400000-0x0000000000416000-memory.dmp	family_raccoon
behavioral1/memory/2172-16-0x0000000000400000-0x0000000000416000-memory.dmp	family_raccoon
behavioral1/memory/2172-17-0x0000000000400000-0x0000000000416000-memory.dmp	family_raccoon

Suspicious use of SetThreadContext 1 IoCs

Processes:

66b045bac49f6e2c487b456981cc6477.exe

description pid process target process

PID 2032 set thread context of 2172 2032 66b045bac49f6e2c487b456981cc6477.exe 66b045bac49f6e2c487b456981cc6477.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

66b045bac49f6e2c487b456981cc6477.exe

description pid process

Token: SeDebugPrivilege 2032 66b045bac49f6e2c487b456981cc6477.exe

description	pid	process	target process
PID 2032 set thread context of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe

description	pid	process
Token: SeDebugPrivilege	2032	66b045bac49f6e2c487b456981cc6477.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

66b045bac49f6e2c487b456981cc6477.exe

description	pid	process	target process
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe
PID 2032 wrote to memory of 2172	2032	66b045bac49f6e2c487b456981cc6477.exe	66b045bac49f6e2c487b456981cc6477.exe

C:\Users\Admin\AppData\Local\Temp\66b045bac49f6e2c487b456981cc6477.exe
C:\Users\Admin\AppData\Local\Temp\66b045bac49f6e2c487b456981cc6477.exe
2⤵
PID:2172

memory/2032-0-0x00000000012C0000-0x000000000133C000-memory.dmp

Filesize
496KB

Download
memory/2032-1-0x00000000746F0000-0x0000000074DDE000-memory.dmp

Filesize
6.9MB

Download
memory/2032-2-0x0000000000250000-0x000000000029C000-memory.dmp

Filesize
304KB

Download
memory/2032-3-0x0000000004AB0000-0x0000000004AF0000-memory.dmp

Filesize
256KB

Download
memory/2032-4-0x0000000000210000-0x0000000000244000-memory.dmp

Filesize
208KB

Download
memory/2032-5-0x00000000005F0000-0x0000000000624000-memory.dmp

Filesize
208KB

Download
memory/2032-6-0x0000000001220000-0x000000000126C000-memory.dmp

Filesize
304KB

Download
memory/2032-15-0x00000000746F0000-0x0000000074DDE000-memory.dmp

Filesize
6.9MB

Download
memory/2172-8-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2172-9-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2172-10-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2172-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2172-13-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2172-7-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2172-16-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2172-17-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download