raccoon | d36e7182e5d0ad3a9d53cbda34909a87696ed7230467a8951e0ed4138aa10459

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 16:09

Target

eb74d75a2ea348eb9264ffa734513767_JaffaCakes118.exe
Size

456KB
MD5

eb74d75a2ea348eb9264ffa734513767
SHA1

f46de6ecc7c5886aed326f6645584a8fc9bdd928
SHA256

d36e7182e5d0ad3a9d53cbda34909a87696ed7230467a8951e0ed4138aa10459
SHA512

15c30a68805d670f35ea1f11a4bb6e0fc64bc83a5960c08a9f636be7ded6c4ff7a2dcf0784da6a9e6ce2bc5a9a71b402fabcab9e461d4545740186430b2874e8
SSDEEP

12288:mKl+u1oTSm/JIIQX37EWR31McKyz0UO/G0ec:msaTBuI2rEI3ycKmAu0

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/1396-2-0x0000000004980000-0x0000000004A0F000-memory.dmp	family_raccoon_v1
behavioral2/memory/1396-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/1396-4-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/1396-6-0x0000000004980000-0x0000000004A0F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2036	1396	WerFault.exe	84
4296	1396	WerFault.exe	84
4308	1396	WerFault.exe	84
972	1396	WerFault.exe	84
3684	1396	WerFault.exe	84
788	1396	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\eb74d75a2ea348eb9264ffa734513767_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eb74d75a2ea348eb9264ffa734513767_JaffaCakes118.exe"
1⤵
PID:1396
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 752
  2⤵
  - Program crash
  PID:2036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 760
  2⤵
  - Program crash
  PID:4296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 892
  2⤵
  - Program crash
  PID:4308
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 920
  2⤵
  - Program crash
  PID:972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 1180
  2⤵
  - Program crash
  PID:3684
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 1216
  2⤵
  - Program crash
  PID:788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1396 -ip 1396
1⤵
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1396 -ip 1396
1⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1396 -ip 1396
1⤵
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1396 -ip 1396
1⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1396 -ip 1396
1⤵
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1396 -ip 1396
1⤵
PID:116

memory/1396-1-0x0000000002EE0000-0x0000000002FE0000-memory.dmp

Filesize
1024KB

Download
memory/1396-2-0x0000000004980000-0x0000000004A0F000-memory.dmp

Filesize
572KB

Download
memory/1396-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/1396-4-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/1396-6-0x0000000004980000-0x0000000004A0F000-memory.dmp

Filesize
572KB

Download
memory/1396-7-0x0000000002EE0000-0x0000000002FE0000-memory.dmp

Filesize
1024KB

Download