Overview

overview

10

Static

static

3

fd86ad3ec8...18.exe

windows7-x64

10

fd86ad3ec8...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd86ad3ec87e3e106b6305124f2f284b_JaffaCakes118.exe

  • Size

    457KB

  • MD5

    fd86ad3ec87e3e106b6305124f2f284b

  • SHA1

    b3cddcd626d055bc2b0275e8ff7b30baf12128cb

  • SHA256

    5670fd70ddaf5aa1d1d449b7beb1c56648a94aa73ed151729c603a458e1d461f

  • SHA512

    190e4385880597fd8afd967800565247129015e5b635fe7d4577302896dcef4288e08b0f2239295ae3603488c706c2cdf84c8300351803492c2a15eb8b383a44

  • SSDEEP

    6144:3cZmoZtvxiBRqGeQikLxOPYB5azK5zbPd6dV1n83iOMxMgPrlHwhZU9sI5/:3DRqG758PY/NxPwVq3iOMxXBec

Score
10/10
raccoonstealer

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 4 IoCs
  • Program crash 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd86ad3ec87e3e106b6305124f2f284b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fd86ad3ec87e3e106b6305124f2f284b_JaffaCakes118.exe"
    1⤵
      PID:2508
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 748
        2⤵
        • Program crash
        PID:3996
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 784
        2⤵
        • Program crash
        PID:2844
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 872
        2⤵
        • Program crash
        PID:3128
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 892
        2⤵
        • Program crash
        PID:2984
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1148
        2⤵
        • Program crash
        PID:2656
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 1228
        2⤵
        • Program crash
        PID:1676
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2508 -ip 2508
      1⤵
        PID:4864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2508 -ip 2508
        1⤵
          PID:4984
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2508 -ip 2508
          1⤵
            PID:2116
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2508 -ip 2508
            1⤵
              PID:780
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2508 -ip 2508
              1⤵
                PID:3388
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2508 -ip 2508
                1⤵
                  PID:4644

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • memory/2508-1-0x0000000003070000-0x0000000003170000-memory.dmp
                  Filesize

                  1024KB

                  Download
                • memory/2508-2-0x0000000002F80000-0x000000000300F000-memory.dmp
                  Filesize

                  572KB

                  Download
                • memory/2508-3-0x0000000000400000-0x0000000002D02000-memory.dmp
                  Filesize

                  41.0MB

                  Download
                • memory/2508-4-0x0000000000400000-0x0000000002D02000-memory.dmp
                  Filesize

                  41.0MB

                  Download
                • memory/2508-6-0x0000000003070000-0x0000000003170000-memory.dmp
                  Filesize

                  1024KB

                  Download
                • memory/2508-7-0x0000000002F80000-0x000000000300F000-memory.dmp
                  Filesize

                  572KB

                  Download