Analysis
max time kernel: 103s
max time network: 145s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 09:46
Static task: static1
Behavioral task: behavioral1
Sample: AE2CECB729341FDB2B6213209FCC515C.exe
Resource: win7-20231215-en
General
Target: AE2CECB729341FDB2B6213209FCC515C.exe
Size: 2.2MB
MD5: ae2cecb729341fdb2b6213209fcc515c
SHA1: f8dafbce47c5b2f1cead0d4d32e278b9158e4b84
SHA256: 73754918c3c14655c3170e2a9c69d9e47a775ae7b1edd1a2d02db23a69d32b4a
SHA512: 8f6e2369c2a2840c450d047c71ed3da0484947f7a584bd204c34a193c295ef76c3a5cc876968c014f4ba257652fe7428d1c6d7bb7188be5a1b5e5789e25b6f89
SSDEEP: 24576:9R4g2xvkun2PmbusWut1D4bEN1fYKkZ9EBo7GM52qOj4vjhJU+fbj5nILIW5uXKE:9R4Hxv/b7WutubEcdjgIEA7/eFGWDy
Malware Config
Extracted family: orcus
27.124.3.19:6606
4c33dfbaf34e43feafc90544c4a21347
autostart_method: Disable
enable_keylogger: false
install_path: %programfiles%\Orcus\Orcus.exe
reconnect_delay: 10000
registry_keyname: Orcus
taskscheduler_taskname: Orcus
watchdog_path: AppData\OrcusWatchdog.exe
Signatures
Orcurs Rat Executable (1 IoC)
resource: behavioral1/memory/1944-3-0x0000000004A30000-0x0000000004B18000-memory.dmp; yara_rule: orcus
Note: the YARA hit is on a memory dump taken from pid 1944, not on the file as it sits on disk, so the matched Orcus payload lives in that process's memory.
Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege; pid: 1944; Process: AE2CECB729341FDB2B6213209FCC515C.exe
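The extracted config and the two signatures above are what an analyst would turn into detection content. The script below is an added example for this report page; it is not part of tria.ge, the report, or Orcus itself. It copies the config values from the Malware Config section, derives host and network indicators from them, parses the memory-dump resource name from the Signatures section to recover the pid and region size, and matches everything against a few constructed telemetry records. The Program Files roots and the assumption that watchdog_path is relative to a user profile are my own; the telemetry events are constructed, not taken from the report.

```python
"""Derive IOCs from the Orcus RAT config in this report and match them
against endpoint telemetry.

Added example; not part of tria.ge, this report, or Orcus. Config values
are copied from the "Malware Config" section. Environment defaults and the
telemetry records are constructed assumptions.
"""
import re
from ipaddress import ip_address

# Copied from the report's extracted config.
ORCUS_CONFIG = {
    "c2": "27.124.3.19:6606",
    "autostart_method": "Disable",
    "enable_keylogger": False,
    "install_path": r"%programfiles%\Orcus\Orcus.exe",
    "reconnect_delay": 10000,
    "registry_keyname": "Orcus",
    "taskscheduler_taskname": "Orcus",
    "watchdog_path": r"AppData\OrcusWatchdog.exe",
}

# Assumption: stock roots for the %programfiles% placeholder. The sandbox
# image is tagged arch:x64 and arch:x86, so both roots are candidates.
PROGRAMFILES_ROOTS = [r"C:\Program Files", r"C:\Program Files (x86)"]

# Shape of the memory-match resource name in the "Signatures" section:
# <pid>-<n>-0x<start>-0x<end>-memory.dmp
MEMDUMP_RE = re.compile(
    r"(?P<pid>\d+)-(?P<n>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_c2(c2):
    """Split 'ip:port' and validate both parts; raises ValueError on junk."""
    host, port = c2.rsplit(":", 1)
    return str(ip_address(host)), int(port)


def expand_install_path(template):
    """Expand %programfiles% (case-insensitive) into every candidate path."""
    pat = re.compile(re.escape("%programfiles%"), re.IGNORECASE)
    return [pat.sub(lambda _m, root=root: root, template) for root in PROGRAMFILES_ROOTS]


def parse_memory_match(resource):
    """Recover pid and region bounds from a tria.ge memory-dump resource name."""
    m = MEMDUMP_RE.search(resource)
    if not m:
        raise ValueError(f"not a memory dump resource: {resource}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "start": start, "end": end, "size": end - start}


def build_iocs(cfg):
    """Turn the config into lower-cased indicators for case-insensitive matching."""
    host, port = parse_c2(cfg["c2"])
    return {
        "c2": (host, port),
        "install_paths": {p.lower() for p in expand_install_path(cfg["install_path"])},
        # Assumption: watchdog_path is relative to a user profile, so match on suffix.
        "watchdog_suffix": "\\" + cfg["watchdog_path"].lower(),
        "run_value": cfg["registry_keyname"].lower(),
        "task_name": cfg["taskscheduler_taskname"].lower(),
        # autostart_method is "Disable" in this config, so the Run value and
        # scheduled task are not expected from this sample; a hit on them is
        # reported but flagged so the analyst does not over-trust it.
        "autostart_expected": cfg["autostart_method"].lower() != "disable",
    }


def match_events(events, iocs):
    """Return (event_index, indicator) pairs for telemetry matching the IOCs."""
    flag = "" if iocs["autostart_expected"] else " (unexpected: autostart disabled)"
    hits = []
    for i, ev in enumerate(events):
        t = ev["type"]
        if t == "netconn" and (ev["dst"], ev["port"]) == iocs["c2"]:
            hits.append((i, "c2"))
        elif t == "file_create":
            p = ev["path"].lower()
            if p in iocs["install_paths"]:
                hits.append((i, "install_path"))
            elif p.endswith(iocs["watchdog_suffix"]):
                hits.append((i, "watchdog_path"))
        elif t == "reg_set" and ev["key"].lower().endswith("\\run") and ev["name"].lower() == iocs["run_value"]:
            hits.append((i, "run_key" + flag))
        elif t == "task_create" and ev["name"].lower() == iocs["task_name"]:
            hits.append((i, "scheduled_task" + flag))
    return hits


# Constructed telemetry, not taken from the report.
SAMPLE_EVENTS = [
    {"type": "netconn", "pid": 1944, "dst": "27.124.3.19", "port": 6606},
    {"type": "file_create", "pid": 1944, "path": r"C:\Program Files (x86)\Orcus\Orcus.exe"},
    {"type": "file_create", "pid": 1944, "path": r"C:\Users\alice\AppData\OrcusWatchdog.exe"},
    {"type": "netconn", "pid": 4020, "dst": "203.0.113.10", "port": 443},
    {"type": "file_create", "pid": 4020, "path": r"C:\Program Files\Orcus\README.txt"},
]

if __name__ == "__main__":
    iocs = build_iocs(ORCUS_CONFIG)
    for idx, indicator in match_events(SAMPLE_EVENTS, iocs):
        print(f"event {idx}: {indicator}")
    print(parse_memory_match("behavioral1/memory/1944-3-0x0000000004A30000-0x0000000004B18000-memory.dmp"))
```

Two design points: the install path is expanded for both Program Files roots because the image carries both arch:x64 and arch:x86 tags, and persistence artefacts are matched but flagged rather than dropped, since this config has autostart_method set to Disable and a Run value or task named Orcus would therefore come from a differently configured build. The region parsed from the signature resource is 0xE8000 bytes inside pid 1944, the same process that requested SeDebugPrivilege.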
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d