raccoon | 70a7ea01f9b72bce12827971f0208c90d631535ba2d96286a67cacf6e62a13cf

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 15:09

Target

cbbac2273a64f48a8d804df3b591b4bb.exe
Size

429KB
MD5

cbbac2273a64f48a8d804df3b591b4bb
SHA1

4eb56ea5d2667ca37bb94439d6a9e38c0468b702
SHA256

70a7ea01f9b72bce12827971f0208c90d631535ba2d96286a67cacf6e62a13cf
SHA512

39395ce56bba5483d5295f13963a817d9cdb7e34ef2e73733053ad1ddf281e36ec528902e1c4819eaacbcf3ad50d2b74d5399c246e795043b848aa29a70d3fe8
SSDEEP

6144:OYNrvx9YZRyq4gWxx27E2mm6vqxO+SjNaAH+Af76TTv6P6X:OYRvjYbi/x07YoO+SjIAeAKu

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/1756-2-0x0000000004AA0000-0x0000000004B2F000-memory.dmp	family_raccoon_v1
behavioral2/memory/1756-3-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/1756-4-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/1756-7-0x0000000004AA0000-0x0000000004B2F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4668	1756	WerFault.exe	93
2760	1756	WerFault.exe	93
416	1756	WerFault.exe	93
3092	1756	WerFault.exe	93
4840	1756	WerFault.exe	93
764	1756	WerFault.exe	93

C:\Users\Admin\AppData\Local\Temp\cbbac2273a64f48a8d804df3b591b4bb.exe
"C:\Users\Admin\AppData\Local\Temp\cbbac2273a64f48a8d804df3b591b4bb.exe"
1⤵
PID:1756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 740
  2⤵
  - Program crash
  PID:4668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 760
  2⤵
  - Program crash
  PID:2760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 768
  2⤵
  - Program crash
  PID:416
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 784
  2⤵
  - Program crash
  PID:3092
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 1128
  2⤵
  - Program crash
  PID:4840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 1260
  2⤵
  - Program crash
  PID:764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1756 -ip 1756
1⤵
PID:440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1756 -ip 1756
1⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1756 -ip 1756
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1756 -ip 1756
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1756 -ip 1756
1⤵
PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1756 -ip 1756
1⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:60

memory/1756-1-0x0000000002D90000-0x0000000002E90000-memory.dmp

Filesize
1024KB

Download
memory/1756-2-0x0000000004AA0000-0x0000000004B2F000-memory.dmp

Filesize
572KB

Download
memory/1756-3-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/1756-4-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/1756-6-0x0000000002D90000-0x0000000002E90000-memory.dmp

Filesize
1024KB

Download
memory/1756-7-0x0000000004AA0000-0x0000000004B2F000-memory.dmp

Filesize
572KB

Download