raccoon | 336b73345346ecc0c06d050402fba00e1301be6c4989b448e7cc11c967722d7c

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 22:01

Target

ee70f01d13a439e1c1c989d4d9a098ba_JaffaCakes118.exe
Size

575KB
MD5

ee70f01d13a439e1c1c989d4d9a098ba
SHA1

a0666179e5326c622663fbcd86c09f6c9154896a
SHA256

336b73345346ecc0c06d050402fba00e1301be6c4989b448e7cc11c967722d7c
SHA512

32218f3126ca08d2b4070b71ae395b888427bca63d699983fd9fac3570a8437d8e171358f50c029d51e58362902437e5c1b3111b58dfe4845a1a9e3a47570c62
SSDEEP

12288:753MF7bR595vaJjI0zkvdOxOD1udmCKRKxuaX59Y:76R595vaJI0zkvsOD14mZRX1

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/4372-2-0x0000000003EF0000-0x0000000003F7F000-memory.dmp	family_raccoon_v1
behavioral2/memory/4372-3-0x0000000000400000-0x00000000021AE000-memory.dmp	family_raccoon_v1
behavioral2/memory/4372-4-0x0000000000400000-0x00000000021AE000-memory.dmp	family_raccoon_v1
behavioral2/memory/4372-7-0x0000000003EF0000-0x0000000003F7F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1724	4372	WerFault.exe	84
5056	4372	WerFault.exe	84
2200	4372	WerFault.exe	84
4516	4372	WerFault.exe	84
4200	4372	WerFault.exe	84
2152	4372	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\ee70f01d13a439e1c1c989d4d9a098ba_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ee70f01d13a439e1c1c989d4d9a098ba_JaffaCakes118.exe"
1⤵
PID:4372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 740
  2⤵
  - Program crash
  PID:1724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 760
  2⤵
  - Program crash
  PID:5056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 868
  2⤵
  - Program crash
  PID:2200
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 884
  2⤵
  - Program crash
  PID:4516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 1056
  2⤵
  - Program crash
  PID:4200
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 1172
  2⤵
  - Program crash
  PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4372 -ip 4372
1⤵
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4372 -ip 4372
1⤵
PID:444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4372 -ip 4372
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4372 -ip 4372
1⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4372 -ip 4372
1⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4372 -ip 4372
1⤵
PID:4764

memory/4372-1-0x0000000002340000-0x0000000002440000-memory.dmp

Filesize
1024KB

Download
memory/4372-2-0x0000000003EF0000-0x0000000003F7F000-memory.dmp

Filesize
572KB

Download
memory/4372-3-0x0000000000400000-0x00000000021AE000-memory.dmp

Filesize
29.7MB

Download
memory/4372-4-0x0000000000400000-0x00000000021AE000-memory.dmp

Filesize
29.7MB

Download
memory/4372-6-0x0000000002340000-0x0000000002440000-memory.dmp

Filesize
1024KB

Download
memory/4372-7-0x0000000003EF0000-0x0000000003F7F000-memory.dmp

Filesize
572KB

Download