raccoon | b7a9fb544e26599cb2f74a5f749b923c5ccce7885b30cd6281fe922756d4a961

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 07:42

Target

fc43a393f4359f0558ba20e468a8954e_JaffaCakes118.exe
Size

456KB
MD5

fc43a393f4359f0558ba20e468a8954e
SHA1

7c355090cc2055cd946e320c25e0b44d09b651e3
SHA256

b7a9fb544e26599cb2f74a5f749b923c5ccce7885b30cd6281fe922756d4a961
SHA512

7e48164c8bb61721e3dc269394bd4b43d029b0df95d2e0764ba21366e3f0b1c28b2f46a0172241ab4ba782e0aca225feff6ea1b13dfad1a772a68e960e62d599
SSDEEP

6144:jSLzW3ItL+hbC7sQ4MWbTtQI4Gvv8V9GUs1GsUX9xnuwhDmrEQI8QAYHwhZU9sIh:jH10srxKI4KGUSkEQI1ec

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4568-2-0x0000000004A50000-0x0000000004ADF000-memory.dmp	family_raccoon_v1
behavioral2/memory/4568-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/4568-6-0x0000000004A50000-0x0000000004ADF000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1060	4568	WerFault.exe	fc43a393f4359f0558ba20e468a8954e_JaffaCakes118.exe
2204	4568	WerFault.exe	fc43a393f4359f0558ba20e468a8954e_JaffaCakes118.exe
872	4568	WerFault.exe	fc43a393f4359f0558ba20e468a8954e_JaffaCakes118.exe
4748	4568	WerFault.exe	fc43a393f4359f0558ba20e468a8954e_JaffaCakes118.exe
1880	4568	WerFault.exe	fc43a393f4359f0558ba20e468a8954e_JaffaCakes118.exe
3432	4568	WerFault.exe	fc43a393f4359f0558ba20e468a8954e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fc43a393f4359f0558ba20e468a8954e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fc43a393f4359f0558ba20e468a8954e_JaffaCakes118.exe"
1⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 740
2⤵
- Program crash
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 776
2⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 744
2⤵
- Program crash
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 868
2⤵
- Program crash
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 1196
2⤵
- Program crash
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 620
2⤵
- Program crash
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 4568 -ip 4568
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4568 -ip 4568
1⤵
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4568 -ip 4568
1⤵
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4568 -ip 4568
1⤵
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4568 -ip 4568
1⤵
PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4568 -ip 4568
1⤵
PID:788

memory/4568-1-0x0000000002D50000-0x0000000002E50000-memory.dmp

Filesize
1024KB

Download
memory/4568-2-0x0000000004A50000-0x0000000004ADF000-memory.dmp

Filesize
572KB

Download
memory/4568-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/4568-6-0x0000000004A50000-0x0000000004ADF000-memory.dmp

Filesize
572KB

Download
memory/4568-7-0x0000000002D50000-0x0000000002E50000-memory.dmp

Filesize
1024KB

Download