
Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    2024-04-09 08:46 UTC (9 April; matches the Date headers in the Network section)

General

  • Target

    e99afcbb149ba6dfbdd90c034b88fe73_JaffaCakes118.exe

  • Size

    422KB

  • MD5

    e99afcbb149ba6dfbdd90c034b88fe73

  • SHA1

    be974111ad0a8f3870d09706ea07b5438f418798

  • SHA256

    924b9935b1f2be85aa36e0158f0a55c1200cdf9046077a5b491f1aeb034c2353

  • SHA512

    bf8b1f544ab9e689068f94b7ee5cfbe304b3756308d022be2e487216dd01aed0fcc2ac76e5d6b4c2f434a1125a88d5c71a2ecdafdb7bddd82447e77601c6b4a9

  • SSDEEP

    6144:RyZ0UFc6AvAEvuGmqJgMTt7/xOk3WFa0Gh/AA02VC35RXb6uAU2dc56wge5JqtbB:day4EvuWd+kv02c35RrcdcIEUVKZc

Score
10/10

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon Stealer V1 payload (3 IoCs)
  • Modifies system certificate store (2 TTPs, 2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e99afcbb149ba6dfbdd90c034b88fe73_JaffaCakes118.exe (PID 2240; root of the process tree, no child processes)
    "C:\Users\Admin\AppData\Local\Temp\e99afcbb149ba6dfbdd90c034b88fe73_JaffaCakes118.exe"
    • Modifies system certificate store

Network

  • flag-us
    DNS
    telete.in
    e99afcbb149ba6dfbdd90c034b88fe73_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    telete.in
    IN A
    Response
    telete.in
    IN A
    185.53.177.54
  • flag-de
    GET
    https://telete.in/open3entershift
    e99afcbb149ba6dfbdd90c034b88fe73_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request (identical for all 30 attempts)
    GET /open3entershift HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response (identical for all 30 attempts apart from the Date header)
    HTTP/1.1 410 Gone
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8

    Response Date headers of the 30 attempts (Tue, 09 Apr 2024, GMT), one every 5-6 s:
    08:46:57  08:47:02  08:47:07  08:47:12  08:47:17  08:47:22
    08:47:27  08:47:32  08:47:37  08:47:42  08:47:47  08:47:53
    08:47:58  08:48:03  08:48:08  08:48:13  08:48:18  08:48:23
    08:48:28  08:48:33  08:48:38  08:48:43  08:48:48  08:48:53
    08:48:58  08:49:03  08:49:08  08:49:13  08:49:18  08:49:24

    Analyst note: Raccoon v1 is known to obtain its real C2 address by fetching a Telegram channel page through the telete.in web front and decoding the channel description. The channel requested here (/open3entershift) answers 410 Gone, so no C2 address was ever retrieved; the sample simply retried every 5-6 s (30 attempts between 08:46:57 and 08:49:24) until the 147 s analysis window ended, which is why the run shows no exfiltration. Beyond the domain itself, the request shape is a usable network indicator: a bodyless GET that nonetheless carries Content-Type: text/plain; charset=UTF-8 together with Cache-Control/Pragma: no-cache, repeated to a fixed path at a near-constant interval.
  • 185.53.177.54:443
    https://telete.in/open3entershift
    tls, http
    e99afcbb149ba6dfbdd90c034b88fe73_JaffaCakes118.exe
    sent 9.1kB / received 11.6kB; packets out 67 / in 45

    30 × HTTP Request: GET https://telete.in/open3entershift
    30 × HTTP Response: 410
  • 8.8.8.8:53
    telete.in
    dns
    e99afcbb149ba6dfbdd90c034b88fe73_JaffaCakes118.exe
    sent 55 B / received 71 B; packets out 1 / in 1

    DNS Request: telete.in (A)
    DNS Response: 185.53.177.54
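The 30 GET requests above arrive 5-6 seconds apart and every one of them is answered 410 Gone. The following Python is an added example, not part of the Triage report or of the analysed sample: it computes the polling cadence and failure ratio per endpoint from a request timeline and flags exactly this pattern. The timeline is constructed from the 30 response Date headers listed above plus three made-up benign requests to a hypothetical example.com/update for contrast; the thresholds (at least 10 requests, coefficient of variation of the gaps at most 0.2, at least 90 % non-2xx responses) are assumptions for the example, not tuned values.

```python
"""Beacon-cadence check over an HTTP request timeline.

Added example, not part of the Triage report or of the analysed sample.
Input rows are (Date header, URL, status) tuples; the sample timeline below
is constructed from the 30 response Date headers in the report.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev
from urllib.parse import urlsplit

C2_GATE = "https://telete.in/open3entershift"  # URL from the report

# Constructed from the report: 30 GETs to the gate, all answered 410.
_GATE_TIMES = (
    "08:46:57 08:47:02 08:47:07 08:47:12 08:47:17 08:47:22 08:47:27 08:47:32 "
    "08:47:37 08:47:42 08:47:47 08:47:53 08:47:58 08:48:03 08:48:08 08:48:13 "
    "08:48:18 08:48:23 08:48:28 08:48:33 08:48:38 08:48:43 08:48:48 08:48:53 "
    "08:48:58 08:49:03 08:49:08 08:49:13 08:49:18 08:49:24"
).split()
SAMPLE_TIMELINE = [(f"Tue, 09 Apr 2024 {t} GMT", C2_GATE, 410) for t in _GATE_TIMES]
# Made-up benign traffic for contrast (hypothetical host, not in the report).
SAMPLE_TIMELINE += [
    ("Tue, 09 Apr 2024 08:46:58 GMT", "https://example.com/update", 200),
    ("Tue, 09 Apr 2024 08:47:40 GMT", "https://example.com/update", 200),
    ("Tue, 09 Apr 2024 08:48:55 GMT", "https://example.com/update", 200),
]


def parse_http_date(value):
    """Parse an RFC 7231 Date header such as 'Tue, 09 Apr 2024 08:46:57 GMT'."""
    return datetime.strptime(value, "%a, %d %b %Y %H:%M:%S %Z").replace(tzinfo=timezone.utc)


def endpoint(url):
    """Host plus path, ignoring scheme and query, e.g. 'telete.in/open3entershift'."""
    parts = urlsplit(url)
    return f"{parts.hostname}{parts.path}"


def beacon_stats(timeline):
    """Per-endpoint request count, mean/stdev of the inter-request gaps (seconds)
    and share of non-2xx responses, for endpoints hit at least twice."""
    by_endpoint = defaultdict(list)
    for date, url, status in timeline:
        by_endpoint[endpoint(url)].append((parse_http_date(date), status))
    stats = {}
    for ep, rows in by_endpoint.items():
        rows.sort()
        if len(rows) < 2:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        stats[ep] = {
            "count": len(rows),
            "mean_interval": mean(gaps),
            "stdev_interval": pstdev(gaps),
            "failure_ratio": sum(1 for _, s in rows if not 200 <= s < 300) / len(rows),
        }
    return stats


def flag_beacons(timeline, min_requests=10, max_cv=0.2, min_failure_ratio=0.9):
    """Endpoints polled at a near-constant interval (coefficient of variation of
    the gaps <= max_cv) whose responses are mostly failures. The thresholds are
    assumptions for this example, not tuned values."""
    flagged = []
    for ep, st in beacon_stats(timeline).items():
        if st["count"] < min_requests or st["mean_interval"] <= 0:
            continue
        cv = st["stdev_interval"] / st["mean_interval"]
        if cv <= max_cv and st["failure_ratio"] >= min_failure_ratio:
            flagged.append(ep)
    return sorted(flagged)


if __name__ == "__main__":
    for ep, st in beacon_stats(SAMPLE_TIMELINE).items():
        print(f"{ep}: {st['count']} requests, every {st['mean_interval']:.1f}s "
              f"(stdev {st['stdev_interval']:.2f}s), {st['failure_ratio']:.0%} failed")
    print("flagged:", flag_beacons(SAMPLE_TIMELINE))
```

On the report's timeline the gate endpoint shows 30 requests with a mean gap of about 5.07 s and a standard deviation of about 0.25 s (all 410), so it is flagged, while the three irregular, successful example.com requests are not. Grouping on host plus path rather than the full URL is deliberate: a dead-drop resolver of this kind uses a fixed path, and dropping the query string keeps per-request cache-busters from splitting the series.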

MITRE ATT&CK Enterprise v15


Downloads

Memory dumps taken from PID 2240 (the number after the PID orders the dumps):

  • memory/2240-1-0x0000000001E50000-0x0000000001F50000-memory.dmp (1024KB)
  • memory/2240-2-0x00000000002C0000-0x000000000034F000-memory.dmp (572KB)
  • memory/2240-3-0x0000000000400000-0x0000000001DB7000-memory.dmp (25.7MB)
  • memory/2240-6-0x0000000001E50000-0x0000000001F50000-memory.dmp (1024KB)
  • memory/2240-7-0x00000000002C0000-0x000000000034F000-memory.dmp (572KB)

The regions at 0x1E50000 and 0x2C0000 were dumped twice (dumps 1 and 6, 2 and 7), so the two snapshots of each region can be compared for changes made at runtime. The 25.7MB region at 0x400000, the conventional image base of a Windows executable, is many times the 422KB on-disk size, which is consistent with the packed payload expanding into oversized sections in memory.
