raccoon | 1883ecfeb13db40cdee104b20fb8706b7789ef8f739778d8204c7291b5737d73

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2024 02:13

Target

e3d34da9fdb32c9f9309b7ffca5ba16f_JaffaCakes118.exe
Size

430KB
MD5

e3d34da9fdb32c9f9309b7ffca5ba16f
SHA1

2ed599f38521d6a1886c7ceac4de30da90839018
SHA256

1883ecfeb13db40cdee104b20fb8706b7789ef8f739778d8204c7291b5737d73
SHA512

4ff3409940e9d52b3180b2dcb0073a3ca07f4663b6edd17625ba81c70e95787beec1fb2bce2eb4c53e78b8e4254f5768289395f2e78132fb895492c7870e87af
SSDEEP

6144:ZZ4ATClAkxdtoMB1AIRrC0BtIGY//+Obm6OKVneKyqNJ+ghb4eVJUvLxJqkRgFnL:rpgpxHoarrBGX5xeaTJhFcLMZL

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/1084-2-0x0000000004AD0000-0x0000000004B5F000-memory.dmp	family_raccoon_v1
behavioral2/memory/1084-3-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/1084-4-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/1084-7-0x0000000004AD0000-0x0000000004B5F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2780	1084	WerFault.exe	87
2944	1084	WerFault.exe	87
1924	1084	WerFault.exe	87
2184	1084	WerFault.exe	87
4516	1084	WerFault.exe	87
4352	1084	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\e3d34da9fdb32c9f9309b7ffca5ba16f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e3d34da9fdb32c9f9309b7ffca5ba16f_JaffaCakes118.exe"
1⤵
PID:1084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 744
  2⤵
  - Program crash
  PID:2780
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 776
  2⤵
  - Program crash
  PID:2944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 872
  2⤵
  - Program crash
  PID:1924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 880
  2⤵
  - Program crash
  PID:2184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 1112
  2⤵
  - Program crash
  PID:4516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 1052
  2⤵
  - Program crash
  PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1084 -ip 1084
1⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1084 -ip 1084
1⤵
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1084 -ip 1084
1⤵
PID:508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1084 -ip 1084
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1084 -ip 1084
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1084 -ip 1084
1⤵
PID:3504

memory/1084-1-0x0000000002EF0000-0x0000000002FF0000-memory.dmp

Filesize
1024KB

Download
memory/1084-2-0x0000000004AD0000-0x0000000004B5F000-memory.dmp

Filesize
572KB

Download
memory/1084-3-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/1084-4-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/1084-6-0x0000000002EF0000-0x0000000002FF0000-memory.dmp

Filesize
1024KB

Download
memory/1084-7-0x0000000004AD0000-0x0000000004B5F000-memory.dmp

Filesize
572KB

Download