Overview

overview

10

Static

static

3

y1.exe

windows7-x64

10

y1.exe

windows10-1703-x64

10

y1.exe

windows10-2004-x64

10

y1.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20-07-2024 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    y1.exe

  • Size

    523KB

  • MD5

    211704d0d7c978042c9fd858fd7a3256

  • SHA1

    ed582bf85c777e03990562af0ca5d3503646e462

  • SHA256

    98105987364d21e0167d6b6a90510a9beea0746eca7a3326c13c11806ffced79

  • SHA512

    a25778cfe12b106e73b2a410276c0fe7b999501abfe2bb4c51d60992691f2d540797c05fcdcd653580f499e3042a32e73d4881a294ba599299b344f58e56ee11

  • SSDEEP

    12288:0i0JjP5vT+d/J+jac6jNIW5qbHX6noVWo/mF2+:0iGr9Tk/QjaRjNIVbHqoVWo/mE+

Score
10/10
raccoonstealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 1 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\y1.exe
    "C:\Users\Admin\AppData\Local\Temp\y1.exe"
    1⤵
      PID:1880
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 300
        2⤵
        • Program crash
        PID:4484
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1880 -ip 1880
      1⤵
        PID:1948

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1880-1-0x0000000002EE0000-0x0000000002FE0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1880-2-0x0000000004A80000-0x0000000004B11000-memory.dmp

        Filesize

        580KB

        Download