raccoon | 37a00ba7c6cafe06ee8e908a1a954a7b1669b75255975289105845a81901ea71

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 02:34

Target

f01851ea050f82906d3b3c97fb7e3b6b_JaffaCakes118.exe
Size

456KB
MD5

f01851ea050f82906d3b3c97fb7e3b6b
SHA1

b46b97077a32d7ca799db127cd6b100c2c775b31
SHA256

37a00ba7c6cafe06ee8e908a1a954a7b1669b75255975289105845a81901ea71
SHA512

ed4cc32c419f27ac33446a168e7949006b1a08a24008796e2c4dd49ead24d86f70c74a4a66fc8aced1535fdd8c4f4797bdd06566abb49e77bcc509cac58f4139
SSDEEP

6144:jVvldIZKPOVHEikXWg4DW1BAaj+A/bT7j6J0H62Oi9OVtkWCnfM2cCck2cxb:jCTHVW1qm+6Tf6Jw62ObVGfMocvcF

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4736-2-0x0000000004980000-0x0000000004A0F000-memory.dmp	family_raccoon_v1
behavioral2/memory/4736-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/4736-6-0x0000000004980000-0x0000000004A0F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3852	4736	WerFault.exe	f01851ea050f82906d3b3c97fb7e3b6b_JaffaCakes118.exe
676	4736	WerFault.exe	f01851ea050f82906d3b3c97fb7e3b6b_JaffaCakes118.exe
3888	4736	WerFault.exe	f01851ea050f82906d3b3c97fb7e3b6b_JaffaCakes118.exe
3328	4736	WerFault.exe	f01851ea050f82906d3b3c97fb7e3b6b_JaffaCakes118.exe
2800	4736	WerFault.exe	f01851ea050f82906d3b3c97fb7e3b6b_JaffaCakes118.exe
628	4736	WerFault.exe	f01851ea050f82906d3b3c97fb7e3b6b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f01851ea050f82906d3b3c97fb7e3b6b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f01851ea050f82906d3b3c97fb7e3b6b_JaffaCakes118.exe"
1⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 744
2⤵
- Program crash
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 780
2⤵
- Program crash
PID:676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 872
2⤵
- Program crash
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 892
2⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 1152
2⤵
- Program crash
PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 1160
2⤵
- Program crash
PID:628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 4736 -ip 4736
1⤵
PID:412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4736 -ip 4736
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4736 -ip 4736
1⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4736 -ip 4736
1⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4736 -ip 4736
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4736 -ip 4736
1⤵
PID:4088

memory/4736-1-0x00000000030E0000-0x00000000031E0000-memory.dmp

Filesize
1024KB

Download
memory/4736-2-0x0000000004980000-0x0000000004A0F000-memory.dmp

Filesize
572KB

Download
memory/4736-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/4736-6-0x0000000004980000-0x0000000004A0F000-memory.dmp

Filesize
572KB

Download
memory/4736-7-0x00000000030E0000-0x00000000031E0000-memory.dmp

Filesize
1024KB

Download