raccoon | 200ae905586ed70b0e4d2b45a4090a11076c84874f017b7e1866d7acaab80d6e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 16:02

Target

eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe
Size

491KB
MD5

eb711850b55eef26986d38f1d0a93226
SHA1

2cafc9230bd7a2848c1989c2438c9192d4f53aae
SHA256

200ae905586ed70b0e4d2b45a4090a11076c84874f017b7e1866d7acaab80d6e
SHA512

2f75e30beb24a6077920359f402ea6b244c6dae9b4fe16c2bffe0c7c2d6c2bba5adbcfbed3cd7b0d1f45f182cb1583c46a3f3e91d36feca9bcbf829a6920254c
SSDEEP

12288:56uYPLLE9BArgKPFOQnLuWMZarsYJtv0nTSv1Hc9c:2PLLeBAcK9OQnSWOarsYJVdvZ

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/3988-2-0x0000000003B00000-0x0000000003B8F000-memory.dmp	family_raccoon_v1
behavioral2/memory/3988-3-0x0000000000400000-0x0000000001DC8000-memory.dmp	family_raccoon_v1
behavioral2/memory/3988-6-0x0000000003B00000-0x0000000003B8F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3076	3988	WerFault.exe	83
3556	3988	WerFault.exe	83
3236	3988	WerFault.exe	83
3696	3988	WerFault.exe	83
116	3988	WerFault.exe	83
464	3988	WerFault.exe	83

C:\Users\Admin\AppData\Local\Temp\eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe"
1⤵
PID:3988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 740
  2⤵
  - Program crash
  PID:3076
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 776
  2⤵
  - Program crash
  PID:3556
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 744
  2⤵
  - Program crash
  PID:3236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 876
  2⤵
  - Program crash
  PID:3696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 1164
  2⤵
  - Program crash
  PID:116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 1164
  2⤵
  - Program crash
  PID:464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3988 -ip 3988
1⤵
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3988 -ip 3988
1⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 3988 -ip 3988
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 3988 -ip 3988
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3988 -ip 3988
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 3988 -ip 3988
1⤵
PID:4528

memory/3988-1-0x0000000002140000-0x0000000002240000-memory.dmp

Filesize
1024KB

Download
memory/3988-2-0x0000000003B00000-0x0000000003B8F000-memory.dmp

Filesize
572KB

Download
memory/3988-3-0x0000000000400000-0x0000000001DC8000-memory.dmp

Filesize
25.8MB

Download
memory/3988-6-0x0000000003B00000-0x0000000003B8F000-memory.dmp

Filesize
572KB

Download
memory/3988-7-0x0000000002140000-0x0000000002240000-memory.dmp

Filesize
1024KB

Download