raccoon | adf56d5514f9ff609943983010d3fc67ac0b29d5f92ac9adc25bafba79bad88a

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 09:06

Target

f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe
Size

468KB
MD5

f0b68ddc0bef98205b22b8bccec05436
SHA1

87a8ca516fbbb6a34bb8f4dd5a6f3930b64e90c9
SHA256

adf56d5514f9ff609943983010d3fc67ac0b29d5f92ac9adc25bafba79bad88a
SHA512

4b052079bcded8571e589cf945430fd0607fa7a2d97d066ee1c60f96787abb2517e6c85ea87f61f2936fdd1e016d7a00a8ba0a5d552d2f13e9808bc2e6a30e7c
SSDEEP

6144:j2nWLbsyDsyW2EGKo1Y4rA6VUzGm5UiWSA1y7UEdRa0sORORDCi:uW8y4yWx8j86V2GmrWSKuUESOC2i

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3692-2-0x0000000002FB0000-0x000000000303F000-memory.dmp	family_raccoon_v1
behavioral2/memory/3692-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/3692-7-0x0000000002FB0000-0x000000000303F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4296	3692	WerFault.exe	f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe
2156	3692	WerFault.exe	f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe
4632	3692	WerFault.exe	f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe
4840	3692	WerFault.exe	f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe
3564	3692	WerFault.exe	f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe
2596	3692	WerFault.exe	f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe"
1⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 740
2⤵
- Program crash
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 776
2⤵
- Program crash
PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 756
2⤵
- Program crash
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 892
2⤵
- Program crash
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 1156
2⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 1168
2⤵
- Program crash
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3692 -ip 3692
1⤵
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3692 -ip 3692
1⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3692 -ip 3692
1⤵
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3692 -ip 3692
1⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3692 -ip 3692
1⤵
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3692 -ip 3692
1⤵
PID:3572

memory/3692-1-0x0000000003090000-0x0000000003190000-memory.dmp

Filesize
1024KB

Download
memory/3692-2-0x0000000002FB0000-0x000000000303F000-memory.dmp

Filesize
572KB

Download
memory/3692-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/3692-5-0x0000000003090000-0x0000000003190000-memory.dmp

Filesize
1024KB

Download
memory/3692-7-0x0000000002FB0000-0x000000000303F000-memory.dmp

Filesize
572KB

Download