raccoon | 299298ec52e17083159627cff04c209ba05a2421debdb759e886f9a69d665c1d | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 22:09

Sharing

Report Analysis Logs

General

Target

AdobeGenP.exe
Size

444.9MB
MD5

990c2776648f18807d529dac58b72389
SHA1

866a20d4a4d49a50e09c2ffee39c96f09fd7ee73
SHA256

24283a726bd7eb1f2d0c9dce37f2e05160adf6f4830d6d4a9ecc985ec03df65b
SHA512

daf45dac2b1a78b8bc6a79d1a06c3b8ae2d43a78a4c61d12a9c3b9b0bec60828bd7d1352b6cefb46b6b5cc126a99485a16a0e29b352e5dda9ba747cb3c0383da
SSDEEP

6144:RFPK/bLjYIc9pxyN90vElTvWChzlS41R9d:RFC/f8y90svN/S2R9d

Score

10^/10

raccoon stealer

Malware Config

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V2 payload 1 IoCs

resource	yara_rule
behavioral1/memory/3024-0-0x0000000000020000-0x0000000000036000-memory.dmp	family_raccoon_v2

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2312	3024	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2312	3024	AdobeGenP.exe	31
PID 3024 wrote to memory of 2312	3024	AdobeGenP.exe	31
PID 3024 wrote to memory of 2312	3024	AdobeGenP.exe	31
PID 3024 wrote to memory of 2312	3024	AdobeGenP.exe	31

C:\Users\Admin\AppData\Local\Temp\AdobeGenP.exe
"C:\Users\Admin\AppData\Local\Temp\AdobeGenP.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 128
  2⤵
  - Program crash
  PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3024-0-0x0000000000020000-0x0000000000036000-memory.dmp

Filesize
88KB

Download