raccoon | dca102c7e82eadf4ed9610081714bf04462e486ae00921d52acc850374aa4141

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 12:23

Target

f7fc0fc3fa38937e1b498dc4e4087659_JaffaCakes118.exe
Size

430KB
MD5

f7fc0fc3fa38937e1b498dc4e4087659
SHA1

7734a22eaa356aa7165df7deefaec86bd411b95f
SHA256

dca102c7e82eadf4ed9610081714bf04462e486ae00921d52acc850374aa4141
SHA512

e6a2b306b2bbd91c81fc3bf7083b18793fa9096b5ac5ffad738ada2659fde01e1c586bd7d8d2cdf45e713d53f9e6d39bd06b360857d5823c8af1c320e0a3f581
SSDEEP

12288:Kvf8R8wgJRBjRZnhGuqxbV5DQ0/G+XpZL:Kn8R8hjjRdhVMJ++f

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

resource	yara_rule
behavioral2/memory/2324-2-0x0000000004A40000-0x0000000004ACF000-memory.dmp	family_raccoon_v1
behavioral2/memory/2324-3-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/2324-4-0x0000000000400000-0x0000000002CFA000-memory.dmp	family_raccoon_v1
behavioral2/memory/2324-7-0x0000000004A40000-0x0000000004ACF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3268	2324	WerFault.exe	79
2840	2324	WerFault.exe	79
2088	2324	WerFault.exe	79
2256	2324	WerFault.exe	79
3984	2324	WerFault.exe	79
1556	2324	WerFault.exe	79

C:\Users\Admin\AppData\Local\Temp\f7fc0fc3fa38937e1b498dc4e4087659_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f7fc0fc3fa38937e1b498dc4e4087659_JaffaCakes118.exe"
1⤵
PID:2324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 748
  2⤵
  - Program crash
  PID:3268
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 756
  2⤵
  - Program crash
  PID:2840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 896
  2⤵
  - Program crash
  PID:2088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 860
  2⤵
  - Program crash
  PID:2256
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 1136
  2⤵
  - Program crash
  PID:3984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 660
  2⤵
  - Program crash
  PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 132 -p 2324 -ip 2324
1⤵
PID:828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2324 -ip 2324
1⤵
PID:1232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2324 -ip 2324
1⤵
PID:1312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2324 -ip 2324
1⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2324 -ip 2324
1⤵
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2324 -ip 2324
1⤵
PID:868

memory/2324-1-0x0000000002F10000-0x0000000003010000-memory.dmp

Filesize
1024KB

Download
memory/2324-2-0x0000000004A40000-0x0000000004ACF000-memory.dmp

Filesize
572KB

Download
memory/2324-3-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/2324-4-0x0000000000400000-0x0000000002CFA000-memory.dmp

Filesize
41.0MB

Download
memory/2324-6-0x0000000002F10000-0x0000000003010000-memory.dmp

Filesize
1024KB

Download
memory/2324-7-0x0000000004A40000-0x0000000004ACF000-memory.dmp

Filesize
572KB

Download