raccoon | 73db508abbdf121fded79e1597dff00a58628096bb9751e74dd8659d9fe2eefe

Analysis

max time kernel
146s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 12:52

Target

cb7539c4b28691e2d6c67cb95f8d0dc8.exe
Size

480KB
MD5

cb7539c4b28691e2d6c67cb95f8d0dc8
SHA1

4085ff10ba5933b6d9f2d8375d7aa259bba9b9dd
SHA256

73db508abbdf121fded79e1597dff00a58628096bb9751e74dd8659d9fe2eefe
SHA512

a1c467d9cb62bc29bd00268848ef60f95970390ba7456638b38bfe89ca8aad1988428a7d11a7db2be5c7b1957c7986ba45fa047833f644e2832f81e62dbe1ae3
SSDEEP

12288:dw6dak4prhc/j3otGycD/LDs9Wvs1rEcF:dw6dNa+/jwS4pd

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/636-2-0x0000000002E80000-0x0000000002F0F000-memory.dmp	family_raccoon_v1
behavioral2/memory/636-3-0x0000000000400000-0x0000000002D08000-memory.dmp	family_raccoon_v1
behavioral2/memory/636-4-0x0000000000400000-0x0000000002D08000-memory.dmp	family_raccoon_v1
behavioral2/memory/636-7-0x0000000002E80000-0x0000000002F0F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4372	636	WerFault.exe	86
3172	636	WerFault.exe	86
1316	636	WerFault.exe	86
4272	636	WerFault.exe	86
3184	636	WerFault.exe	86
2888	636	WerFault.exe	86

C:\Users\Admin\AppData\Local\Temp\cb7539c4b28691e2d6c67cb95f8d0dc8.exe
"C:\Users\Admin\AppData\Local\Temp\cb7539c4b28691e2d6c67cb95f8d0dc8.exe"
1⤵
PID:636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 744
  2⤵
  - Program crash
  PID:4372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 760
  2⤵
  - Program crash
  PID:3172
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 768
  2⤵
  - Program crash
  PID:1316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 768
  2⤵
  - Program crash
  PID:4272
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 1196
  2⤵
  - Program crash
  PID:3184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 1200
  2⤵
  - Program crash
  PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 636 -ip 636
1⤵
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 636 -ip 636
1⤵
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 636 -ip 636
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 636 -ip 636
1⤵
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 636 -ip 636
1⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 636 -ip 636
1⤵
PID:4300

memory/636-1-0x0000000002F30000-0x0000000003030000-memory.dmp

Filesize
1024KB

Download
memory/636-2-0x0000000002E80000-0x0000000002F0F000-memory.dmp

Filesize
572KB

Download
memory/636-3-0x0000000000400000-0x0000000002D08000-memory.dmp

Filesize
41.0MB

Download
memory/636-4-0x0000000000400000-0x0000000002D08000-memory.dmp

Filesize
41.0MB

Download
memory/636-6-0x0000000002F30000-0x0000000003030000-memory.dmp

Filesize
1024KB

Download
memory/636-7-0x0000000002E80000-0x0000000002F0F000-memory.dmp

Filesize
572KB

Download