f616db7cc3228879ff676d9c4d63955f0a1e7477191c08b0ef3ce5b601801d7c

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 16:21

Target

raccoon-4.24.0.exe
Size

13.2MB
MD5

0422527c1f0de1419f2b0bc08b511eb0
SHA1

df781bb811b268b75950974e77fa9cdb837247b6
SHA256

f616db7cc3228879ff676d9c4d63955f0a1e7477191c08b0ef3ce5b601801d7c
SHA512

db3b2369e76bead40f18a51c9ee26651c120703278aea9fb9b24e6399ba6d45b7d666ec26c891adb4ae1ef0f677c0a3af91b5ba3571233aec7e2c793160a7313
SSDEEP

196608:SQiK0+/B+NCqVPZtQvDVY0ULU+qdnomW34fbcJ24++B+gn5Kcrpl/:Sr+/B+YbVY0UQznbW34fbcJn+gn5vNJ

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2832	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2832	1948	raccoon-4.24.0.exe	28
PID 1948 wrote to memory of 2832	1948	raccoon-4.24.0.exe	28
PID 1948 wrote to memory of 2832	1948	raccoon-4.24.0.exe	28
PID 1948 wrote to memory of 2832	1948	raccoon-4.24.0.exe	28

C:\Users\Admin\AppData\Local\Temp\raccoon-4.24.0.exe
"C:\Users\Admin\AppData\Local\Temp\raccoon-4.24.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -Dswing.defaultlaf=com.sun.java.swing.plaf.windows.WindowsLookAndFeel -Djava.net.preferIPv4Stack=true -classpath "C:\Users\Admin\AppData\Local\Temp\raccoon-4.24.0.exe;lib\Raccoon-desktop-4.24.0.jar" de.onyxbits.raccoon.Main
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2832

memory/1948-0-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2832-3-0x00000000024B0000-0x0000000002720000-memory.dmp

Filesize
2.4MB

Download
memory/2832-21-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2832-22-0x00000000024B0000-0x0000000002720000-memory.dmp

Filesize
2.4MB

Download