raccoon | 5d7545aed39d6e4579ab79537c3c8c398dd60b537a22130464d1c1151befa73c

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 23:16

Target

afb7fda7a97396a9f0401ad26d696057.exe
Size

504KB
MD5

afb7fda7a97396a9f0401ad26d696057
SHA1

dc9381c64de3f0bbdcc97eda482624b1ba6c6241
SHA256

5d7545aed39d6e4579ab79537c3c8c398dd60b537a22130464d1c1151befa73c
SHA512

bc695db89323bcda9f50d2412a6827390b3d5740a269f146a8d1f12b40c9755bfe157364059fdbfbf13caa3c479cd70d4a74426165ca65d1134490cdb210851f
SSDEEP

12288:rYU1k/SMK0I1aWTyjJJ/804z800OoSX93Chx0pII:rDk/g0wy9JBVPSNShFI

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/1876-2-0x0000000004A50000-0x0000000004AE3000-memory.dmp	family_raccoon_v1
behavioral2/memory/1876-3-0x0000000000400000-0x0000000002CB4000-memory.dmp	family_raccoon_v1
behavioral2/memory/1876-4-0x0000000000400000-0x0000000002CB4000-memory.dmp	family_raccoon_v1
behavioral2/memory/1876-7-0x0000000004A50000-0x0000000004AE3000-memory.dmp	family_raccoon_v1

Program crash 8 IoCs

pid	pid_target	Process	procid_target
1508	1876	WerFault.exe	86
632	1876	WerFault.exe	86
2604	1876	WerFault.exe	86
64	1876	WerFault.exe	86
4548	1876	WerFault.exe	86
2520	1876	WerFault.exe	86
3352	1876	WerFault.exe	86
2096	1876	WerFault.exe	86

C:\Users\Admin\AppData\Local\Temp\afb7fda7a97396a9f0401ad26d696057.exe
"C:\Users\Admin\AppData\Local\Temp\afb7fda7a97396a9f0401ad26d696057.exe"
1⤵
PID:1876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 740
  2⤵
  - Program crash
  PID:1508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 780
  2⤵
  - Program crash
  PID:632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 896
  2⤵
  - Program crash
  PID:2604
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 904
  2⤵
  - Program crash
  PID:64
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 932
  2⤵
  - Program crash
  PID:4548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 1188
  2⤵
  - Program crash
  PID:2520
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 1208
  2⤵
  - Program crash
  PID:3352
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 748
  2⤵
  - Program crash
  PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1876 -ip 1876
1⤵
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 1876 -ip 1876
1⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1876 -ip 1876
1⤵
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1876 -ip 1876
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1876 -ip 1876
1⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 1876 -ip 1876
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1876 -ip 1876
1⤵
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1876 -ip 1876
1⤵
PID:4636

memory/1876-1-0x0000000002F10000-0x0000000003010000-memory.dmp

Filesize
1024KB

Download
memory/1876-2-0x0000000004A50000-0x0000000004AE3000-memory.dmp

Filesize
588KB

Download
memory/1876-3-0x0000000000400000-0x0000000002CB4000-memory.dmp

Filesize
40.7MB

Download
memory/1876-4-0x0000000000400000-0x0000000002CB4000-memory.dmp

Filesize
40.7MB

Download
memory/1876-5-0x0000000002F10000-0x0000000003010000-memory.dmp

Filesize
1024KB

Download
memory/1876-7-0x0000000004A50000-0x0000000004AE3000-memory.dmp

Filesize
588KB

Download