Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/02/2024, 07:50
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: 88f6da211785d596af90571265f5cd62.exe
  Resource: win7-20231215-en
  3 signatures, 150 seconds
General
Target: 88f6da211785d596af90571265f5cd62.exe
Size: 493KB
MD5: 88f6da211785d596af90571265f5cd62
SHA1: 999643fcbc76e120d2824b66d45d75bbb009a764
SHA256: 70dbf04d21096d4275b351c6209290e2f8b12299224ef26cefbe97579ca8d201
SHA512: 9924a2c7ac08a72ffaf7a69b4fd73d80cf7400bc2f5432d8d486c56129bfcd5092db0d6ff6aafca1346e582c50e77e05b3a0edf873e863d35c29b9be4b2b6354
SSDEEP: 6144:Y/MynBEM5cH+DFVLGwP0tcBm+6BOQ/ExOGavAku5wJUFdhLjTSdji7knGyHM:Y/MyBh5jFbvc1IQsxOGHkpJUF/PmiI
Malware Config
Signatures
Raccoon Stealer V1 payload (3 IoCs)
  resource                                                                      yara_rule
  behavioral2/memory/2400-2-0x0000000004950000-0x00000000049E3000-memory.dmp   family_raccoon_v1
  behavioral2/memory/2400-3-0x0000000000400000-0x0000000002CB2000-memory.dmp   family_raccoon_v1
  behavioral2/memory/2400-7-0x0000000004950000-0x00000000049E3000-memory.dmp   family_raccoon_v1
Program crash (6 IoCs)
  pid   pid_target  Process       procid_target
  456   2400        WerFault.exe  14
  556   2400        WerFault.exe  14
  3312  2400        WerFault.exe  14
  4280  2400        WerFault.exe  14
  4588  2400        WerFault.exe  14
  944   2400        WerFault.exe  14
Processes
- C:\Users\Admin\AppData\Local\Temp\88f6da211785d596af90571265f5cd62.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\88f6da211785d596af90571265f5cd62.exe"
  PID: 2400
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 740
    Signature: Program crash
    PID: 456
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 780
    Signature: Program crash
    PID: 556
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 876
    Signature: Program crash
    PID: 3312
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 896
    Signature: Program crash
    PID: 4280
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 1164
    Signature: Program crash
    PID: 4588
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 1216
    Signature: Program crash
    PID: 944
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2400 -ip 2400
  PID: 5000
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2400 -ip 2400
  PID: 2404
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2400 -ip 2400
  PID: 208
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2400 -ip 2400
  PID: 2908
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2400 -ip 2400
  PID: 5072
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2400 -ip 2400
  PID: 4356