raccoon | d296761fbf810220d17518b9870bd1c21cd4875b191e3a9e4b605e24e3461b8d

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 04:59

Target

ecb73a1c74b683531bc9c30e6e1fd6ea_JaffaCakes118.exe
Size

491KB
MD5

ecb73a1c74b683531bc9c30e6e1fd6ea
SHA1

def893c3d38c134fc79fbc129097798e9f978cc9
SHA256

d296761fbf810220d17518b9870bd1c21cd4875b191e3a9e4b605e24e3461b8d
SHA512

8e5351576072e044fa8fec853ef12071dc034f71cf350c65dd49ee429685eed556ca4453658fd9ecbec30638a89af8d493a0fdff7f13327741a7dfdabf5bd9d8
SSDEEP

12288:J6kbslXYY4DBb5g3puSV/ht3Mtv6v1Hc9c:CaY35J/ht3MEvZ

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

resource	yara_rule
behavioral2/memory/5088-2-0x0000000003B10000-0x0000000003B9F000-memory.dmp	family_raccoon_v1
behavioral2/memory/5088-3-0x0000000000400000-0x0000000001DC8000-memory.dmp	family_raccoon_v1
behavioral2/memory/5088-6-0x0000000003B10000-0x0000000003B9F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4952	5088	WerFault.exe	84
4144	5088	WerFault.exe	84
2292	5088	WerFault.exe	84
5080	5088	WerFault.exe	84
5044	5088	WerFault.exe	84
4396	5088	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\ecb73a1c74b683531bc9c30e6e1fd6ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ecb73a1c74b683531bc9c30e6e1fd6ea_JaffaCakes118.exe"
1⤵
PID:5088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 740
  2⤵
  - Program crash
  PID:4952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 760
  2⤵
  - Program crash
  PID:4144
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 872
  2⤵
  - Program crash
  PID:2292
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 892
  2⤵
  - Program crash
  PID:5080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 1056
  2⤵
  - Program crash
  PID:5044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 1240
  2⤵
  - Program crash
  PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 5088 -ip 5088
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 5088 -ip 5088
1⤵
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5088 -ip 5088
1⤵
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5088 -ip 5088
1⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5088 -ip 5088
1⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5088 -ip 5088
1⤵
PID:4128

memory/5088-1-0x0000000001FD0000-0x00000000020D0000-memory.dmp

Filesize
1024KB

Download
memory/5088-2-0x0000000003B10000-0x0000000003B9F000-memory.dmp

Filesize
572KB

Download
memory/5088-3-0x0000000000400000-0x0000000001DC8000-memory.dmp

Filesize
25.8MB

Download
memory/5088-6-0x0000000003B10000-0x0000000003B9F000-memory.dmp

Filesize
572KB

Download
memory/5088-7-0x0000000001FD0000-0x00000000020D0000-memory.dmp

Filesize
1024KB

Download