raccoon | 7e1526e8a418dc74b5d9d2666ba67cb511bead21bb770db5a75dc7e4db77a90a

Analysis

max time kernel
193s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2024 18:35

Target

d9849cf49660ccb07d7a2066b9bddbc9.exe
Size

455KB
MD5

d9849cf49660ccb07d7a2066b9bddbc9
SHA1

69262560cf5216d50e9b289863f1946c6a0fc71e
SHA256

7e1526e8a418dc74b5d9d2666ba67cb511bead21bb770db5a75dc7e4db77a90a
SHA512

7e5493b5caa13b41860a74cc49affc566341d249dd15969eb06482b3b0ccbe48966d3099b88efa620124f5638f7820a2033e8cb699feb5504b724eb3b172e70c
SSDEEP

6144:PAZh8RoB2mZcv/uKJuecfbkUakkIMV3zyDD31GvzQfCy8KHT2q+iBu14i0hnmHwk:P42ccv2K2bkFRyPgv0fP8Vq+vnonmec

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/3660-2-0x0000000004A50000-0x0000000004ADF000-memory.dmp	family_raccoon_v1
behavioral2/memory/3660-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/3660-4-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/3660-8-0x0000000004A50000-0x0000000004ADF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1940	3660	WerFault.exe	87
4808	3660	WerFault.exe	87
2996	3660	WerFault.exe	87
2668	3660	WerFault.exe	87
4688	3660	WerFault.exe	87
4304	3660	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\d9849cf49660ccb07d7a2066b9bddbc9.exe
"C:\Users\Admin\AppData\Local\Temp\d9849cf49660ccb07d7a2066b9bddbc9.exe"
1⤵
PID:3660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 656
  2⤵
  - Program crash
  PID:1940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 788
  2⤵
  - Program crash
  PID:4808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 796
  2⤵
  - Program crash
  PID:2996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 756
  2⤵
  - Program crash
  PID:2668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 796
  2⤵
  - Program crash
  PID:4688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 1100
  2⤵
  - Program crash
  PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3660 -ip 3660
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3660 -ip 3660
1⤵
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3660 -ip 3660
1⤵
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3660 -ip 3660
1⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3660 -ip 3660
1⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3660 -ip 3660
1⤵
PID:1192

memory/3660-1-0x0000000002F80000-0x0000000003080000-memory.dmp

Filesize
1024KB

Download
memory/3660-2-0x0000000004A50000-0x0000000004ADF000-memory.dmp

Filesize
572KB

Download
memory/3660-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/3660-4-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/3660-7-0x0000000002F80000-0x0000000003080000-memory.dmp

Filesize
1024KB

Download
memory/3660-8-0x0000000004A50000-0x0000000004ADF000-memory.dmp

Filesize
572KB

Download