Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f0b68ddc0b...18.exe

windows7-x64

10

f0b68ddc0b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 09:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe

  • Size

    468KB

  • MD5

    f0b68ddc0bef98205b22b8bccec05436

  • SHA1

    87a8ca516fbbb6a34bb8f4dd5a6f3930b64e90c9

  • SHA256

    adf56d5514f9ff609943983010d3fc67ac0b29d5f92ac9adc25bafba79bad88a

  • SHA512

    4b052079bcded8571e589cf945430fd0607fa7a2d97d066ee1c60f96787abb2517e6c85ea87f61f2936fdd1e016d7a00a8ba0a5d552d2f13e9808bc2e6a30e7c

  • SSDEEP

    6144:j2nWLbsyDsyW2EGKo1Y4rA6VUzGm5UiWSA1y7UEdRa0sORORDCi:uW8y4yWx8j86V2GmrWSKuUESOC2i

Score
10/10
raccoonstealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 3 IoCs
  • Program crash 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f0b68ddc0bef98205b22b8bccec05436_JaffaCakes118.exe"
    1⤵
      PID:3692
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 740
        2⤵
        • Program crash
        PID:4296
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 776
        2⤵
        • Program crash
        PID:2156
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 756
        2⤵
        • Program crash
        PID:4632
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 892
        2⤵
        • Program crash
        PID:4840
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 1156
        2⤵
        • Program crash
        PID:3564
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 1168
        2⤵
        • Program crash
        PID:2596
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3692 -ip 3692
      1⤵
        PID:2920
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3692 -ip 3692
        1⤵
          PID:4336
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3692 -ip 3692
          1⤵
            PID:4012
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3692 -ip 3692
            1⤵
              PID:4260
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3692 -ip 3692
              1⤵
                PID:1808
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3692 -ip 3692
                1⤵
                  PID:3572

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • memory/3692-1-0x0000000003090000-0x0000000003190000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/3692-2-0x0000000002FB0000-0x000000000303F000-memory.dmp

                  Filesize

                  572KB

                  Download

                • memory/3692-3-0x0000000000400000-0x0000000002D02000-memory.dmp

                  Filesize

                  41.0MB

                  Download

                • memory/3692-5-0x0000000003090000-0x0000000003190000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/3692-7-0x0000000002FB0000-0x000000000303F000-memory.dmp

                  Filesize

                  572KB

                  Download