Overview

overview

10

Static

static

3

bf390a8d21...10.exe

windows7-x64

10

bf390a8d21...10.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf390a8d219ef4f8214898737185cf10.exe

  • Size

    465KB

  • MD5

    bf390a8d219ef4f8214898737185cf10

  • SHA1

    40a8c683f302efa9bd29542ae67450a7ac8352af

  • SHA256

    11cad69f49f4e4cbcb1ca23081305be04fc1d681b3f8a4fcd05a5f58185c0557

  • SHA512

    e5c8a4275bf875822ed6eb175057834e592af4f5410d2565dc321abf00e445af4219a14409b8044bfb665061f712cd423c876d87599e2564a69a6d436e6a1794

  • SSDEEP

    6144:aMj2kbr9ZLO3qojFuO2uHkNdVXQXrN+glHYJKsP+kBimqtg1IUzhOROzJCi:nj2Ir9ZjoOXQp+g/mJqXAOHi

Score
10/10
raccoonstealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 4 IoCs
  • Program crash 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf390a8d219ef4f8214898737185cf10.exe
    "C:\Users\Admin\AppData\Local\Temp\bf390a8d219ef4f8214898737185cf10.exe"
    1⤵
      PID:4444
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 744
        2⤵
        • Program crash
        PID:4324
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 752
        2⤵
        • Program crash
        PID:1220
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 776
        2⤵
        • Program crash
        PID:3324
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 888
        2⤵
        • Program crash
        PID:3940
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 1136
        2⤵
        • Program crash
        PID:1320
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 856
        2⤵
        • Program crash
        PID:2428
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4444 -ip 4444
      1⤵
        PID:4516
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4444 -ip 4444
        1⤵
          PID:2524
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4444 -ip 4444
          1⤵
            PID:2448
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4444 -ip 4444
            1⤵
              PID:1128
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4444 -ip 4444
              1⤵
                PID:948
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4444 -ip 4444
                1⤵
                  PID:4228

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • memory/4444-1-0x0000000002F40000-0x0000000003040000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/4444-2-0x0000000002E60000-0x0000000002EF3000-memory.dmp

                  Filesize

                  588KB

                  Download

                • memory/4444-3-0x0000000000400000-0x0000000002CAA000-memory.dmp

                  Filesize

                  40.7MB

                  Download

                • memory/4444-4-0x0000000000400000-0x0000000002CAA000-memory.dmp

                  Filesize

                  40.7MB

                  Download

                • memory/4444-6-0x0000000002F40000-0x0000000003040000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/4444-7-0x0000000002E60000-0x0000000002EF3000-memory.dmp

                  Filesize

                  588KB

                  Download