Analysis
- max time kernel: 147s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/02/2024, 11:05

Static task: static1 (1 signature)

Behavioral task: behavioral1
- Sample: 86bcdfa605349d0f0bf37b03182293a7.exe
- Resource: win7-20231215-en
- 3 signatures
- 150 seconds
General
- Target: 86bcdfa605349d0f0bf37b03182293a7.exe
- Size: 456KB
- MD5: 86bcdfa605349d0f0bf37b03182293a7
- SHA1: 3f22f8b5d54448c8d1a3207c310cef7c13cded68
- SHA256: 9d63d50505f69c1653c84333ea9e08974a740ce52be2626c39ac5f27565d765b
- SHA512: 48240ca0f37d02fa515fcd2872a34bb879f1ed487c32afa9edd83915776fda65d0a82af874e2c6a2f404108366e8d4ed5da08077d0c7afd88b8a80f66aa7628f
- SSDEEP: 12288:VxH4sPq9WO4eG2YL3Cy5NJPVNWGd/RSi0VEyGvcF:VxH4sPqMde6V5LjW8H0WS
Malware Config
Signatures
- Raccoon Stealer V1 payload (4 IoCs)
  resource | yara_rule
  behavioral2/memory/3236-2-0x0000000004A60000-0x0000000004AEF000-memory.dmp | family_raccoon_v1
  behavioral2/memory/3236-3-0x0000000000400000-0x0000000002D02000-memory.dmp | family_raccoon_v1
  behavioral2/memory/3236-4-0x0000000000400000-0x0000000002D02000-memory.dmp | family_raccoon_v1
  behavioral2/memory/3236-7-0x0000000004A60000-0x0000000004AEF000-memory.dmp | family_raccoon_v1
- Program crash (6 IoCs)
  pid | pid_target | Process | procid_target
  4888 | 3236 | WerFault.exe | 17
  3336 | 3236 | WerFault.exe | 17
  2872 | 3236 | WerFault.exe | 17
  4364 | 3236 | WerFault.exe | 17
  3416 | 3236 | WerFault.exe | 17
  2312 | 3236 | WerFault.exe | 17
Processes
- C:\Users\Admin\AppData\Local\Temp\86bcdfa605349d0f0bf37b03182293a7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\86bcdfa605349d0f0bf37b03182293a7.exe"
  PID: 3236
  - C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 740 (PID: 4888) [Program crash]
  - C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 776 (PID: 3336) [Program crash]
  - C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 896 (PID: 2872) [Program crash]
  - C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 868 (PID: 4364) [Program crash]
  - C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 1164 (PID: 3416) [Program crash]
  - C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 1172 (PID: 2312) [Program crash]
- C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3236 -ip 3236 (PID: 5000)
- C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3236 -ip 3236 (PID: 1532)
- C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3236 -ip 3236 (PID: 1488)
- C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3236 -ip 3236 (PID: 768)
- C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3236 -ip 3236 (PID: 2452)
- C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3236 -ip 3236 (PID: 3652)