raccoon | 8cc1f2e9be6f3247eec82638ed91df808ff8930c6470e80cf1013e9fa83086c9

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 04:56

Target

fe7b4a4c62a6de91ada1bb58ba351777_JaffaCakes118.exe
Size

456KB
MD5

fe7b4a4c62a6de91ada1bb58ba351777
SHA1

fd1bdb250c1e69397b12e3b6446f45defe0fa40a
SHA256

8cc1f2e9be6f3247eec82638ed91df808ff8930c6470e80cf1013e9fa83086c9
SHA512

fd6b82132571d72ab854b005843712329bde15f407b768c6c5f563307f1740328cb53cffa48420c8dfa78bd58f64ff76cc490ba3dc5796ffb0f26f75ba088bdd
SSDEEP

12288:4wwlE72i9L4cNsMc9j04QS8V3WniZI9lec:4wnl9L4cN/c9j04+mnCI9l

Score

10^/10

raccoon stealer

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 4 IoCs

Processes:

resource	yara_rule
behavioral2/memory/528-2-0x0000000004910000-0x000000000499F000-memory.dmp	family_raccoon_v1
behavioral2/memory/528-3-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/528-4-0x0000000000400000-0x0000000002D02000-memory.dmp	family_raccoon_v1
behavioral2/memory/528-7-0x0000000004910000-0x000000000499F000-memory.dmp	family_raccoon_v1

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
456	528	WerFault.exe	fe7b4a4c62a6de91ada1bb58ba351777_JaffaCakes118.exe
4920	528	WerFault.exe	fe7b4a4c62a6de91ada1bb58ba351777_JaffaCakes118.exe
3828	528	WerFault.exe	fe7b4a4c62a6de91ada1bb58ba351777_JaffaCakes118.exe
3872	528	WerFault.exe	fe7b4a4c62a6de91ada1bb58ba351777_JaffaCakes118.exe
2276	528	WerFault.exe	fe7b4a4c62a6de91ada1bb58ba351777_JaffaCakes118.exe
4108	528	WerFault.exe	fe7b4a4c62a6de91ada1bb58ba351777_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fe7b4a4c62a6de91ada1bb58ba351777_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fe7b4a4c62a6de91ada1bb58ba351777_JaffaCakes118.exe"
1⤵
PID:528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 740
2⤵
- Program crash
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 776
2⤵
- Program crash
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 892
2⤵
- Program crash
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 740
2⤵
- Program crash
PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 1204
2⤵
- Program crash
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 704
2⤵
- Program crash
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 528 -ip 528
1⤵
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 528 -ip 528
1⤵
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 528 -ip 528
1⤵
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 528 -ip 528
1⤵
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 528 -ip 528
1⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 528 -ip 528
1⤵
PID:2140

memory/528-1-0x0000000002F30000-0x0000000003030000-memory.dmp

Filesize
1024KB

Download
memory/528-2-0x0000000004910000-0x000000000499F000-memory.dmp

Filesize
572KB

Download
memory/528-3-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/528-4-0x0000000000400000-0x0000000002D02000-memory.dmp

Filesize
41.0MB

Download
memory/528-6-0x0000000002F30000-0x0000000003030000-memory.dmp

Filesize
1024KB

Download
memory/528-7-0x0000000004910000-0x000000000499F000-memory.dmp

Filesize
572KB

Download