raccoon | db99c0aef3016fe2ea6d3172f4493775270a13a177af4ce19a2c56fa95096737

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 08:20

Target

c82528b8a7642c9f68cbe6d9b84e5fa2.exe
Size

429KB
MD5

c82528b8a7642c9f68cbe6d9b84e5fa2
SHA1

2bd85d40e3c6e2fa47481a411d50719f024f48bf
SHA256

db99c0aef3016fe2ea6d3172f4493775270a13a177af4ce19a2c56fa95096737
SHA512

e1137e20b6fb36cf36838c3bdf0e8cc4dae68df0b4de82d9e6fa97a4e27821d4b8881aad85c827136029c07120fff8d461810af5690dfce7954bc2bd7569c8b6
SSDEEP

12288:Wa3D6eQWZhdC1lh0eD4/vdZFXqOss3/7:WuO+D+/0fZVxP7

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/2992-2-0x0000000004950000-0x00000000049DF000-memory.dmp	family_raccoon_v1
behavioral2/memory/2992-3-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/2992-7-0x0000000004950000-0x00000000049DF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1332	2992	WerFault.exe	87
1044	2992	WerFault.exe	87
2572	2992	WerFault.exe	87
3884	2992	WerFault.exe	87
452	2992	WerFault.exe	87
1112	2992	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\c82528b8a7642c9f68cbe6d9b84e5fa2.exe
"C:\Users\Admin\AppData\Local\Temp\c82528b8a7642c9f68cbe6d9b84e5fa2.exe"
1⤵
PID:2992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 740
  2⤵
  - Program crash
  PID:1332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 776
  2⤵
  - Program crash
  PID:1044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 892
  2⤵
  - Program crash
  PID:2572
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 756
  2⤵
  - Program crash
  PID:3884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 1100
  2⤵
  - Program crash
  PID:452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 840
  2⤵
  - Program crash
  PID:1112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2992 -ip 2992
1⤵
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2992 -ip 2992
1⤵
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2992 -ip 2992
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 2992 -ip 2992
1⤵
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2992 -ip 2992
1⤵
PID:964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2992 -ip 2992
1⤵
PID:4348

memory/2992-1-0x0000000002FB0000-0x00000000030B0000-memory.dmp

Filesize
1024KB

Download
memory/2992-2-0x0000000004950000-0x00000000049DF000-memory.dmp

Filesize
572KB

Download
memory/2992-3-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/2992-6-0x0000000002FB0000-0x00000000030B0000-memory.dmp

Filesize
1024KB

Download
memory/2992-7-0x0000000004950000-0x00000000049DF000-memory.dmp

Filesize
572KB

Download