
Analysis

  • max time kernel
    141s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/04/2024, 01:08 UTC

General

  • Target

    9c0492e61521e6fe5268d0ee2ff2c482_JaffaCakes118.exe

  • Size

    593KB

  • MD5

    9c0492e61521e6fe5268d0ee2ff2c482

  • SHA1

    39e6e1b41f265aa05819845b1e6c0740841b5592

  • SHA256

    a7771d18aea9dee5ae35a627ec9344ec094ecea7e8fd3719a6ee0a3c5757692c

  • SHA512

    1838c0a076aef2eb7ab053d8b050143cfec3ffe3988d0689b8a5ab4de3daf958e5358510f70bff4065ad303d17cbe45969e9dfb31490c04f88adbee48aa5b4a2

  • SSDEEP

    12288:BoJENoTXYaKVdygqsEiaJQd1/jdfrEAIcP3wNS0i:BoeNQYvWsEiaJU/xIcP3r

Score
10/10

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon Stealer V1 payload (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c0492e61521e6fe5268d0ee2ff2c482_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\9c0492e61521e6fe5268d0ee2ff2c482_JaffaCakes118.exe"
    PID: 1196

    Network

    DNS requests (resolver 8.8.8.8:53, all issued by 9c0492e61521e6fe5268d0ee2ff2c482_JaffaCakes118.exe):

    • telegatt.top  IN A  Response: none listed
    • telegka.top   IN A  Response: none listed
    • telegin.top   IN A  Response: none listed
    • t.me          IN A  Response: t.me IN A 149.154.167.99

    Connections (all from 9c0492e61521e6fe5268d0ee2ff2c482_JaffaCakes118.exe):

    Remote address      Domain        Protocol  Bytes sent  Bytes received  Packets sent  Packets received
    149.154.167.99:443  t.me          tls       338 B       219 B           5             5
    149.154.167.99:443  t.me          tls       288 B       219 B           5             5
    149.154.167.99:443  t.me          tls       338 B       219 B           5             5
    149.154.167.99:443  t.me          tls       288 B       219 B           5             5
    149.154.167.99:443  t.me          tls       338 B       219 B           5             5
    149.154.167.99:443  t.me          tls       288 B       219 B           5             5
    149.154.167.99:443  t.me          tls       338 B       219 B           5             5
    149.154.167.99:443  t.me          tls       288 B       219 B           5             5
    149.154.167.99:443  t.me          tls       338 B       219 B           5             5
    149.154.167.99:443  t.me          tls       288 B       219 B           5             5
    149.154.167.99:443  t.me          tls       338 B       219 B           5             5
    149.154.167.99:443  t.me          tls       288 B       219 B           5             5
    8.8.8.8:53          telegatt.top  dns       58 B        128 B           1             1
    8.8.8.8:53          telegka.top   dns       57 B        127 B           1             1
    8.8.8.8:53          telegin.top   dns       57 B        127 B           1             1
    8.8.8.8:53          t.me          dns       50 B        66 B            1             1


    Downloads

    Memory dumps (file size):

    • memory/1196-2-0x00000000002C0000-0x000000000034E000-memory.dmp   568KB
    • memory/1196-1-0x0000000000860000-0x0000000000960000-memory.dmp   1024KB
    • memory/1196-3-0x0000000000400000-0x00000000007C6000-memory.dmp   3.8MB
    • memory/1196-4-0x0000000000400000-0x00000000007C6000-memory.dmp   3.8MB
    • memory/1196-6-0x0000000000860000-0x0000000000960000-memory.dmp   1024KB
    • memory/1196-7-0x00000000002C0000-0x000000000034E000-memory.dmp   568KB
    • memory/1196-16-0x0000000000400000-0x00000000007C6000-memory.dmp  3.8MB
