raccoon | 26ee1d64f1bb7d8e443a7395ab8c5b1f9762b6e59d43a16ab386d629356ca014

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 05:35

Target

ca9c105162045856eda50f7fcbb7cc55.exe
Size

419KB
MD5

ca9c105162045856eda50f7fcbb7cc55
SHA1

9c38f99433518faa564d75f537eab07e69fa6936
SHA256

26ee1d64f1bb7d8e443a7395ab8c5b1f9762b6e59d43a16ab386d629356ca014
SHA512

563a438e8e20814c1363db34c10c7a34d38f851fb30276576406337fafa16da9e915df3714a54eadfdbb4941264b30f22722aacf41707c0fb4ab51b173bc0c76
SSDEEP

12288:nfDZDqvHx9Is8fZO/W/90+Pp7yZiw1+c:nfDZDqvrIlXmlz

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/4940-2-0x0000000003B00000-0x0000000003B8F000-memory.dmp	family_raccoon_v1
behavioral2/memory/4940-3-0x0000000000400000-0x0000000001DB5000-memory.dmp	family_raccoon_v1
behavioral2/memory/4940-4-0x0000000000400000-0x0000000001DB5000-memory.dmp	family_raccoon_v1
behavioral2/memory/4940-7-0x0000000003B00000-0x0000000003B8F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4208	4940	WerFault.exe	94
3924	4940	WerFault.exe	94
5072	4940	WerFault.exe	94
4060	4940	WerFault.exe	94
4452	4940	WerFault.exe	94
2376	4940	WerFault.exe	94

C:\Users\Admin\AppData\Local\Temp\ca9c105162045856eda50f7fcbb7cc55.exe
"C:\Users\Admin\AppData\Local\Temp\ca9c105162045856eda50f7fcbb7cc55.exe"
1⤵
PID:4940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 740
  2⤵
  - Program crash
  PID:4208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 748
  2⤵
  - Program crash
  PID:3924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 776
  2⤵
  - Program crash
  PID:5072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 892
  2⤵
  - Program crash
  PID:4060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 1100
  2⤵
  - Program crash
  PID:4452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 1228
  2⤵
  - Program crash
  PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4940 -ip 4940
1⤵
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4940 -ip 4940
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4940 -ip 4940
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4940 -ip 4940
1⤵
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4940 -ip 4940
1⤵
PID:780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4940 -ip 4940
1⤵
PID:3976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3208 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:3320

memory/4940-1-0x0000000001EB0000-0x0000000001FB0000-memory.dmp

Filesize
1024KB

Download
memory/4940-2-0x0000000003B00000-0x0000000003B8F000-memory.dmp

Filesize
572KB

Download
memory/4940-3-0x0000000000400000-0x0000000001DB5000-memory.dmp

Filesize
25.7MB

Download
memory/4940-4-0x0000000000400000-0x0000000001DB5000-memory.dmp

Filesize
25.7MB

Download
memory/4940-6-0x0000000001EB0000-0x0000000001FB0000-memory.dmp

Filesize
1024KB

Download
memory/4940-7-0x0000000003B00000-0x0000000003B8F000-memory.dmp

Filesize
572KB

Download