Overview

overview

10

Static

static

3

cb2be9b44b...3f.exe

windows7-x64

10

cb2be9b44b...3f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 10:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb2be9b44b5ccb320e6e6eabfbe3123f.exe

  • Size

    517KB

  • MD5

    cb2be9b44b5ccb320e6e6eabfbe3123f

  • SHA1

    85a92fb7d922a4d2c51bac03fedc2868599f23b5

  • SHA256

    deddab103a2aaae2ce26b6b3b1b1d263ac4c272584ec1d7d5ff8a96bcbaebd4f

  • SHA512

    e6a7ce063641002ac5315eecb2b11f0f4682d8144a81c26c49132c5a4dae2bd2e11ca83ef8a3ea6a8861097487b77c7fc8a60192686c2b79324eb6f8f624b0f9

  • SSDEEP

    12288:S6xb7yfqVqrv+iVxg0P44EcsK6ADkjOUuB0f:F7yfqVcrZPpscmHS0

Score
10/10
raccoonstealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 4 IoCs
  • Program crash 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb2be9b44b5ccb320e6e6eabfbe3123f.exe
    "C:\Users\Admin\AppData\Local\Temp\cb2be9b44b5ccb320e6e6eabfbe3123f.exe"
    1⤵
      PID:4892
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 740
        2⤵
        • Program crash
        PID:1460
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 776
        2⤵
        • Program crash
        PID:2964
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 844
        2⤵
        • Program crash
        PID:2872
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 756
        2⤵
        • Program crash
        PID:208
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 744
        2⤵
        • Program crash
        PID:3404
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 1172
        2⤵
        • Program crash
        PID:2380
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4892 -ip 4892
      1⤵
        PID:4452
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4892 -ip 4892
        1⤵
          PID:4484
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4892 -ip 4892
          1⤵
            PID:1456
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4892 -ip 4892
            1⤵
              PID:4932
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4892 -ip 4892
              1⤵
                PID:4140
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4892 -ip 4892
                1⤵
                  PID:3040

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • memory/4892-1-0x00000000022E0000-0x00000000023E0000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/4892-2-0x0000000003DC0000-0x0000000003E4F000-memory.dmp

                  Filesize

                  572KB

                  Download

                • memory/4892-3-0x0000000000400000-0x00000000021A0000-memory.dmp

                  Filesize

                  29.6MB

                  Download

                • memory/4892-4-0x0000000000400000-0x00000000021A0000-memory.dmp

                  Filesize

                  29.6MB

                  Download

                • memory/4892-5-0x00000000022E0000-0x00000000023E0000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/4892-7-0x0000000003DC0000-0x0000000003E4F000-memory.dmp

                  Filesize

                  572KB

                  Download