Overview

overview

10

Static

static

3

edc060932e...18.exe

windows10-1703-x64

10

edc060932e...18.exe

windows10-2004-x64

10

Resubmissions

11-04-2024 16:06

240411-tkk93sfb38 10

11-04-2024 15:30

240411-sxt73she8w 10

Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-uk
  • resource tags

    arch:x64arch:x86image:win10-20240404-uklocale:uk-uaos:windows10-1703-x64systemwindows
  • submitted
    11-04-2024 16:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edc060932eab71ee1990e79a30999b2f_JaffaCakes118.exe

  • Size

    670KB

  • MD5

    edc060932eab71ee1990e79a30999b2f

  • SHA1

    8ad274131ff11f58e894bf238d866b822150e511

  • SHA256

    fc88fe29755c931864c4f068bb439637f259220ba0f6d54de0d1298b790181f6

  • SHA512

    a3be88ae1adcb79c6f257520cfc909ed632894783821bd5bb6cccc48773a267fba41550fcb954f493543e105aed152d73e8c7dbb43e0df6e84b7086a8a69c673

  • SSDEEP

    12288:/X/i67DCzMebmibKTGrZ3Jg+oMGIsuIdoEaRx5Cc7cY5AypgR7lMxVd:/X/zn/yNJZ+9IsuaoEwx5Cc7cY5Aypgm

Score
10/10
raccoonstealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 3 IoCs
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\edc060932eab71ee1990e79a30999b2f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\edc060932eab71ee1990e79a30999b2f_JaffaCakes118.exe"
    1⤵
      PID:4568
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4480
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4108
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.0.275058559\1371716084" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83e7d5d3-b39e-4642-9e1a-beb1b68716f9} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 1780 1abfdff9e58 gpu
          3⤵
            PID:2708
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.1.617097391\871012688" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c751490-2068-4a57-9094-cf475274ab74} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 2136 1abfdb30858 socket
            3⤵
            • Checks processor information in registry
            PID:1372
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.2.2136799829\2087075746" -childID 1 -isForBrowser -prefsHandle 2784 -prefMapHandle 2908 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd7ad2d-87d5-4198-b04c-5191b79143af} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 2900 1ab824a0858 tab
            3⤵
              PID:1852
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.3.155449408\855603414" -childID 2 -isForBrowser -prefsHandle 3276 -prefMapHandle 3272 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e35f1785-601c-43ae-8083-da8937262023} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 3256 1ab808b8f58 tab
              3⤵
                PID:5016
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.4.1057706787\1956564661" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4184 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f5825be-280c-453a-b077-1febbd21b144} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 4228 1ab83aa7d58 tab
                3⤵
                  PID:2692
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.5.86931347\1535593885" -childID 4 -isForBrowser -prefsHandle 4412 -prefMapHandle 4656 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a473386d-589a-405e-a665-c14af1c9fb71} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 4708 1ab84711858 tab
                  3⤵
                    PID:3576
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.6.615372264\83748627" -childID 5 -isForBrowser -prefsHandle 4592 -prefMapHandle 4588 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f258042d-2887-43e0-837b-48a8e41f21bd} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 4552 1ab8470fd58 tab
                    3⤵
                      PID:3328
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.7.1237790583\872671504" -childID 6 -isForBrowser -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22c39023-a49d-4330-87f1-3d6167cff79c} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 5008 1ab8470e558 tab
                      3⤵
                        PID:3452

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    962d94ebecb4eff8bce2b7f299a8a31e

                    SHA1

                    afd4896f2c7d21560885c75a05a914b28b94a6cc

                    SHA256

                    1b193a42e8aed101c2bc6f05b39086e7d118e96bfa28b4d262660d47e9f0296e

                    SHA512

                    8f71c5ee717f7599e32bf1ede3af7fcd93fb765ede982d1a1a286bba08fdaabe6540e0b043c08d4feb59e259f7bf2cfca3f746c21d84e7faba39a841c324428f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7539d52e-46c2-4634-80a4-bc405204ed6d
                    Filesize

                    746B

                    MD5

                    4de4918dc6a78eca001c4855515a5f52

                    SHA1

                    b161d8bb55405fe7861de4e83394cd8cf2bd3ed8

                    SHA256

                    0739a286aa5facbbc633f7100572d7a6c6fe77ca82c7a0e431ef905d24bb0b75

                    SHA512

                    a765a8a0922e932df4f0e14edd2644b296cc7490790683413aebcc3e82b10e64f165ee76b1eba5573e0a65913a0f7c8a29182652f7579d808fb0b3f63c97913e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\8fce869f-f3dd-48db-ba03-1507c9c35396
                    Filesize

                    11KB

                    MD5

                    80b458592673d96048cbf755025b3008

                    SHA1

                    2bf91d5843870e832f8c1014d04d8a8011fa93f0

                    SHA256

                    48c2d3608102a799adcf18d94149c85672c3d0a0b7e4a723d58f78eebe53c002

                    SHA512

                    032a243197bb7473538e5a0f61bf604c6f98d648cfe204907fb0d98945609bc75eb54c71d36c424b07f3bd171fa33c70d1301f99f2e2062fbd875869082ead40

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    36868bae0f7c29b134e004aa84384081

                    SHA1

                    993206c4f17a5c354618c3f6b3867f4e7274c410

                    SHA256

                    d1f7ad4c593e6c898e830b6a9f3ee7cce4f7e8168fb15453b8aa8297f1383374

                    SHA512

                    1ba4266b5cddf2ffdb61c83d6730fb8348af30f7c1af1f391fdd0e6dfa14223a570f1326eabc870f0b6348e8ed6e4b4e1d24d6aaf6dea05ff68fad3187caba57

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
                    Filesize

                    288B

                    MD5

                    948a7403e323297c6bb8a5c791b42866

                    SHA1

                    88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

                    SHA256

                    2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

                    SHA512

                    17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    28e78c8759167cccc54f21a752fe8409

                    SHA1

                    3c72e0087872614ca682c52422cd15bd8362e0d0

                    SHA256

                    11cd1fe30d43455d2597e8720088306d7b792e20ca088d02e9305fd42b56b537

                    SHA512

                    5061981c8909650d60722eb0a981d065b5d30109f1ddffe2833af1194538f03c7429fc3f8d1388ecd91d2065abb7c87ddfab4b91be00763d357374814fc98381

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
                    Filesize

                    890B

                    MD5

                    447ab3f29ddf9ede56fa8bd69252af6b

                    SHA1

                    60a4337ec9dea6c056784d8905b18f619517adb1

                    SHA256

                    c0d2df844b40fe77d29ce48ef1aeb50ba5994938ef4a18f5fe50003480bb5586

                    SHA512

                    e61daaebfda87a606393ab22c706bd3dc2a79d3b7e6d633359068c74d3a9787588ed2862861f56b56ed05354e57d697608f8670e7d7bcfc2c45b7b29a0082f2a

                    Download Submit

                  • memory/4568-0-0x0000000004850000-0x000000000489F000-memory.dmp

                    Filesize

                    316KB

                    Download

                  • memory/4568-1-0x00000000048D0000-0x0000000004961000-memory.dmp

                    Filesize

                    580KB

                    Download

                  • memory/4568-2-0x0000000000400000-0x0000000004414000-memory.dmp

                    Filesize

                    64.1MB

                    Download

                  • memory/4568-3-0x00000000048D0000-0x0000000004961000-memory.dmp

                    Filesize

                    580KB

                    Download