Analysis Overview
SHA256
0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f
Threat Level: Known bad
The file NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe was found to be: Known bad.
Malicious Activity Summary
Orcus
Orcurs Rat Executable
Orcus family
Orcus main payload
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-02 10:22
Signatures
Orcurs Rat Executable
Orcus family
Orcus main payload
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-02 10:22
Reported
2023-12-02 10:24
Platform
win10v2004-20231201-en
Max time kernel
125s
Max time network
51s
Command Line
Signatures
Orcus
Orcurs Rat Executable
Processes
C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-02 10:22
Reported
2023-12-02 10:24
Platform
win7-20231130-en
Max time kernel
117s
Max time network
117s
Command Line
Signatures
Orcus
Orcurs Rat Executable
Processes
C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe"
Network
Files