raccoon | acae5354a2af648fd858686fbfb9414524b26fa4df918356564932e005bba596

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 14:59

Target

e7bc2afac51caba15552110c818c5b4e_JaffaCakes118.exe
Size

491KB
MD5

e7bc2afac51caba15552110c818c5b4e
SHA1

6eafc37379c53c160e84848f75e98746a600d365
SHA256

acae5354a2af648fd858686fbfb9414524b26fa4df918356564932e005bba596
SHA512

4d5b00609e0d1905e2f448565b9c6abbdfa65bf7555fe63a748f80bcda3b2bed9d88f626f84d2d3c34e2ea1088ee40808fd4bb1acad9c5689be57928cebaafdf
SSDEEP

12288:QrIrIOe+v0X8uc8oxiO5qxyMvqSlzDXOKyikXv1Hc9c:dtuc8oxnckqXRkXvZ

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/4148-2-0x0000000003B10000-0x0000000003B9F000-memory.dmp	family_raccoon_v1
behavioral2/memory/4148-3-0x0000000000400000-0x0000000001DC8000-memory.dmp	family_raccoon_v1
behavioral2/memory/4148-4-0x0000000000400000-0x0000000001DC8000-memory.dmp	family_raccoon_v1
behavioral2/memory/4148-7-0x0000000003B10000-0x0000000003B9F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2248	4148	WerFault.exe	84
4924	4148	WerFault.exe	84
920	4148	WerFault.exe	84
1872	4148	WerFault.exe	84
3524	4148	WerFault.exe	84
1736	4148	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\e7bc2afac51caba15552110c818c5b4e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e7bc2afac51caba15552110c818c5b4e_JaffaCakes118.exe"
1⤵
PID:4148
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 740
  2⤵
  - Program crash
  PID:2248
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 776
  2⤵
  - Program crash
  PID:4924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 872
  2⤵
  - Program crash
  PID:920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 896
  2⤵
  - Program crash
  PID:1872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 1196
  2⤵
  - Program crash
  PID:3524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 708
  2⤵
  - Program crash
  PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4148 -ip 4148
1⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 4148 -ip 4148
1⤵
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4148 -ip 4148
1⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4148 -ip 4148
1⤵
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4148 -ip 4148
1⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4148 -ip 4148
1⤵
PID:4900

memory/4148-1-0x0000000001F20000-0x0000000002020000-memory.dmp

Filesize
1024KB

Download
memory/4148-2-0x0000000003B10000-0x0000000003B9F000-memory.dmp

Filesize
572KB

Download
memory/4148-3-0x0000000000400000-0x0000000001DC8000-memory.dmp

Filesize
25.8MB

Download
memory/4148-4-0x0000000000400000-0x0000000001DC8000-memory.dmp

Filesize
25.8MB

Download
memory/4148-5-0x0000000001F20000-0x0000000002020000-memory.dmp

Filesize
1024KB

Download
memory/4148-7-0x0000000003B10000-0x0000000003B9F000-memory.dmp

Filesize
572KB

Download