raccoon | 950c8f578b4dd0915b3e40c14d52e71776586c30af8ad81c6783fa7592461e00

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 04:51

Target

f059b70c004f6d957db5dfcaa78449a7_JaffaCakes118.exe
Size

487KB
MD5

f059b70c004f6d957db5dfcaa78449a7
SHA1

396c7a2afe90a4037a727e4231074743c9e65c79
SHA256

950c8f578b4dd0915b3e40c14d52e71776586c30af8ad81c6783fa7592461e00
SHA512

971d58e89eddf4cf524e596a0520aacf1cc372a0de8ab8c5a06fadeb1fdc701c1e6882b372a0ad5ce776832e412a85394e1a9c70d370310974413c2d934a0991
SSDEEP

12288:KdbW5f2tRQDrQ2PUNGq42HG5UWZrVeRJ4:HksUMqJm5UWZpw

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4184-2-0x0000000002030000-0x00000000020BF000-memory.dmp	family_raccoon_v1
behavioral2/memory/4184-3-0x0000000000400000-0x0000000001DC7000-memory.dmp	family_raccoon_v1
behavioral2/memory/4184-6-0x0000000002030000-0x00000000020BF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2020	4184	WerFault.exe	f059b70c004f6d957db5dfcaa78449a7_JaffaCakes118.exe
1876	4184	WerFault.exe	f059b70c004f6d957db5dfcaa78449a7_JaffaCakes118.exe
3432	4184	WerFault.exe	f059b70c004f6d957db5dfcaa78449a7_JaffaCakes118.exe
4768	4184	WerFault.exe	f059b70c004f6d957db5dfcaa78449a7_JaffaCakes118.exe
3940	4184	WerFault.exe	f059b70c004f6d957db5dfcaa78449a7_JaffaCakes118.exe
3872	4184	WerFault.exe	f059b70c004f6d957db5dfcaa78449a7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f059b70c004f6d957db5dfcaa78449a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f059b70c004f6d957db5dfcaa78449a7_JaffaCakes118.exe"
1⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 740
2⤵
- Program crash
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 776
2⤵
- Program crash
PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 876
2⤵
- Program crash
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 896
2⤵
- Program crash
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 1204
2⤵
- Program crash
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 620
2⤵
- Program crash
PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4184 -ip 4184
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4184 -ip 4184
1⤵
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4184 -ip 4184
1⤵
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4184 -ip 4184
1⤵
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4184 -ip 4184
1⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4184 -ip 4184
1⤵
PID:2092

memory/4184-1-0x00000000020D0000-0x00000000021D0000-memory.dmp

Filesize
1024KB

Download
memory/4184-2-0x0000000002030000-0x00000000020BF000-memory.dmp

Filesize
572KB

Download
memory/4184-3-0x0000000000400000-0x0000000001DC7000-memory.dmp

Filesize
25.8MB

Download
memory/4184-6-0x0000000002030000-0x00000000020BF000-memory.dmp

Filesize
572KB

Download
memory/4184-7-0x00000000020D0000-0x00000000021D0000-memory.dmp

Filesize
1024KB

Download