Overview

overview

10

Static

static

3

mixazed_20...20.exe

windows7-x64

10

mixazed_20...20.exe

windows10-2004-x64

10

mixazed_20...23.exe

windows7-x64

10

mixazed_20...23.exe

windows10-2004-x64

10

mixazed_20...04.exe

windows7-x64

10

mixazed_20...04.exe

windows10-2004-x64

10

mixazed_20...25.exe

windows7-x64

10

mixazed_20...25.exe

windows10-2004-x64

10

mixazed_20...06.exe

windows7-x64

10

mixazed_20...06.exe

windows10-2004-x64

10

mixazed_20...07.exe

windows7-x64

10

mixazed_20...07.exe

windows10-2004-x64

10

mixazed_20...48.exe

windows7-x64

10

mixazed_20...48.exe

windows10-2004-x64

10

mixsix_202...11.exe

windows7-x64

10

mixsix_202...11.exe

windows10-2004-x64

10

usfive_202...29.exe

windows7-x64

10

usfive_202...29.exe

windows10-2004-x64

10

usfive_202...19.exe

windows7-x64

10

usfive_202...19.exe

windows10-2004-x64

10

usfive_202...38.exe

windows7-x64

10

usfive_202...38.exe

windows10-2004-x64

10

usfive_202...22.exe

windows7-x64

10

usfive_202...22.exe

windows10-2004-x64

10

usfive_202...45.exe

windows7-x64

10

usfive_202...45.exe

windows10-2004-x64

10

usfive_202...26.exe

windows7-x64

10

usfive_202...26.exe

windows10-2004-x64

10

usfive_202...26.exe

windows7-x64

10

usfive_202...26.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-11-2024 21:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mixsix_20210808-081411.exe

  • Size

    843KB

  • MD5

    c46bc8453f429ca0bb33cb9d08982873

  • SHA1

    093a1e775be814d24bcaba7422d4ef6685edec0d

  • SHA256

    abcdce434d8b3a78ab1daadd366951434715cb5446be2fb08ca18f9b227ed80f

  • SHA512

    62561d0679d23884de01bfad56efad8575c23ac831d2a76325d630f9968c8e470bd9dafe13e1f380ee4b3a434c16d1c603c8c67111ddad7f5e719a233c18a03d

  • SSDEEP

    12288:x90L3Iiv1t294X2au5Agw/gvIu4QN0i/mTanrPF53A9+oyKv1AhzPRrY:x90rudu3Q0KEgU7yC1AhzZY

Score
10/10
raccoondiscoverystealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 2 IoCs
  • Raccoon family
    raccoon
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mixsix_20210808-081411.exe
    "C:\Users\Admin\AppData\Local\Temp\mixsix_20210808-081411.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Users\Admin\AppData\Local\Temp\mixsix_20210808-081411.exe
      "C:\Users\Admin\AppData\Local\Temp\mixsix_20210808-081411.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1452
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 284
      2⤵
      • Program crash
      PID:1872
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1284 -ip 1284
    1⤵
      PID:4820

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1284-18-0x0000000004BB0000-0x0000000004C63000-memory.dmp

      Filesize

      716KB

      Download

    • memory/1284-1-0x0000000004BB0000-0x0000000004C63000-memory.dmp

      Filesize

      716KB

      Download

    • memory/1284-23-0x0000000000400000-0x0000000000920000-memory.dmp

      Filesize

      5.1MB

      Download

    • memory/1284-7-0x0000000000400000-0x0000000002D09000-memory.dmp

      Filesize

      41.0MB

      Download

    • memory/1284-8-0x0000000000400000-0x0000000002D09000-memory.dmp

      Filesize

      41.0MB

      Download

    • memory/1284-9-0x0000000000400000-0x0000000002D09000-memory.dmp

      Filesize

      41.0MB

      Download

    • memory/1284-11-0x0000000000400000-0x0000000002D09000-memory.dmp

      Filesize

      41.0MB

      Download

    • memory/1284-12-0x0000000000400000-0x0000000002D09000-memory.dmp

      Filesize

      41.0MB

      Download

    • memory/1284-4-0x0000000000400000-0x0000000000920000-memory.dmp

      Filesize

      5.1MB

      Download

    • memory/1284-2-0x0000000004C70000-0x0000000004D28000-memory.dmp

      Filesize

      736KB

      Download

    • memory/1284-17-0x0000000000400000-0x0000000002D09000-memory.dmp

      Filesize

      41.0MB

      Download

    • memory/1284-21-0x0000000004C70000-0x0000000004D28000-memory.dmp

      Filesize

      736KB

      Download

    • memory/1452-25-0x0000000000400000-0x00000000008DF000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/1452-19-0x0000000000400000-0x00000000008DF000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/1452-13-0x0000000000400000-0x00000000008DF000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/1452-22-0x0000000000400000-0x00000000008DF000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/1452-15-0x0000000000400000-0x00000000008DF000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/1452-24-0x0000000000400000-0x00000000008DF000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/1452-14-0x0000000000400000-0x00000000008DF000-memory.dmp

      Filesize

      4.9MB

      Download