Overview

overview

10

Static

static

3

c4d2a516f4...e8.exe

windows7-x64

10

c4d2a516f4...e8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 03:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4d2a516f477955b84295a0fccaa65e8.exe

  • Size

    422KB

  • MD5

    c4d2a516f477955b84295a0fccaa65e8

  • SHA1

    e4117a0b5da7801a1333d059dfd1507e7108ef34

  • SHA256

    8fde287fb85261eb4310761676c383c77e0909b4f5af762e123d49242047b400

  • SHA512

    118cf8c0a4ae42b2ad2caf17abd5f941a110155d86fc0b38d04841e9bd1fbc64cf712697fe0e3a195f7e0f197cd3e5b6cc6998f5ec35d73668c237fa3b081c5b

  • SSDEEP

    6144:VvM4aB2X5oNrDYw9qXZGgZrQ91bHRnfkRakNn0HOe23ZmDBiww/G01oXFsI5/:RM4o85ouzZrQ91T574n3aBiww/N+ac

Score
10/10
raccoonstealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 4 IoCs
  • Program crash 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4d2a516f477955b84295a0fccaa65e8.exe
    "C:\Users\Admin\AppData\Local\Temp\c4d2a516f477955b84295a0fccaa65e8.exe"
    1⤵
      PID:952
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 752
        2⤵
        • Program crash
        PID:3976
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 516
        2⤵
        • Program crash
        PID:4092
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 892
        2⤵
        • Program crash
        PID:740
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 912
        2⤵
        • Program crash
        PID:868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1056
        2⤵
        • Program crash
        PID:3548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1232
        2⤵
        • Program crash
        PID:5032
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 952 -ip 952
      1⤵
        PID:3984
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 952 -ip 952
        1⤵
          PID:4012
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 952 -ip 952
          1⤵
            PID:3524
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 952 -ip 952
            1⤵
              PID:3544
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 952 -ip 952
              1⤵
                PID:3520
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 952 -ip 952
                1⤵
                  PID:2480
                • C:\Windows\system32\rundll32.exe
                  "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
                  1⤵
                    PID:4532
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                    1⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2072

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/952-1-0x00000000020F0000-0x00000000021F0000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/952-2-0x0000000003A90000-0x0000000003B1F000-memory.dmp

                    Filesize

                    572KB

                    Download

                  • memory/952-3-0x0000000000400000-0x0000000001DB7000-memory.dmp

                    Filesize

                    25.7MB

                    Download

                  • memory/952-4-0x0000000000400000-0x0000000001DB7000-memory.dmp

                    Filesize

                    25.7MB

                    Download

                  • memory/952-6-0x00000000020F0000-0x00000000021F0000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/952-7-0x0000000003A90000-0x0000000003B1F000-memory.dmp

                    Filesize

                    572KB

                    Download

                  • memory/2072-20-0x000002C3F9D40000-0x000002C3F9D50000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2072-36-0x000002C3F9E40000-0x000002C3F9E50000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2072-52-0x000002C3FE140000-0x000002C3FE141000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2072-54-0x000002C3FE170000-0x000002C3FE171000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2072-55-0x000002C3FE170000-0x000002C3FE171000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2072-56-0x000002C3FE280000-0x000002C3FE281000-memory.dmp

                    Filesize

                    4KB

                    Download