Overview

overview

3

Static

static

3

Orangeware...re.exe

windows10-1703-x64

1

Analysis

  • max time kernel
    81s
  • max time network
    127s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09/06/2023, 09:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    OrangewareMain/Orangeware.exe

  • Size

    875KB

  • MD5

    7570ca74ca4e68edd3bef780e6fb79af

  • SHA1

    7cbc4d190aa92dc80ad842bca4062a31bea4ce4e

  • SHA256

    5debd807dfd78f818472c68cc7f675973ea43a7477e6b1a6c6bde3619a478d55

  • SHA512

    bbc1f3dfeff3b4e0945d0834746eb2aef89e5063464892f40ddc8756b6f9ce8348ce2f56ba617d94c3abbd987b815caa90c0bf59c17050b3831d5b4fd95e6f00

  • SSDEEP

    24576:e4kFqVcj3DCZdzxDBT0SGx14n1falHBx:jqqoU1RS6n1e

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OrangewareMain\Orangeware.exe
    "C:\Users\Admin\AppData\Local\Temp\OrangewareMain\Orangeware.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\OrangewareMain\Orangeware.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4156
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\OrangewareMain\Orangeware.exe" MD5
        3⤵
          PID:4108
        • C:\Windows\system32\find.exe
          find /i /v "certutil"
          3⤵
            PID:4252
          • C:\Windows\system32\find.exe
            find /i /v "md5"
            3⤵
              PID:4260

        Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/3664-121-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-120-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-123-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-122-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-124-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-126-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-125-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-127-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-129-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-128-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-131-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-130-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-133-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-132-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-134-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-135-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-136-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-137-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-138-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-139-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-141-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-140-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-142-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3664-143-0x000002E013C30000-0x000002E013C31000-memory.dmp

                Filesize

                4KB

                Download