Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
17/07/2024, 01:26 UTC
General
-
Target
e64d0cbae39e367614ab4a884ec180a7e7a4ed0e15f349e0b10e8aacdcd1f585.exe
-
Size
907KB
-
MD5
9a063fd87d0f757afb0e28353c1f744c
-
SHA1
0d548e1796690e40424bd23bb3209d24d5aa319e
-
SHA256
e64d0cbae39e367614ab4a884ec180a7e7a4ed0e15f349e0b10e8aacdcd1f585
-
SHA512
2cf63d2c70c37becf18a8dfb8d6ae200f466804afde62a605b100359baf5380406dc1ce2cc8d7b0147b537c621e77898c74b3d87fee61bb5227c5bec21d02961
-
SSDEEP
12288:G0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCOcpCwFu/7u2pExO9u7dG1lFlWQ:GcS4MROxnFRcrrcI0AilFEvxHjR9Q9
Malware Config
Extracted
orcus
192.168.21.1:10135
48eb17a7509146f391ca61541dfb68f7
-
autostart_method
Disable
-
enable_keylogger
true
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcurs Rat Executable 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e64d0cbae39e367614ab4a884ec180a7e7a4ed0e15f349e0b10e8aacdcd1f585.exe"C:\Users\Admin\AppData\Local\Temp\e64d0cbae39e367614ab4a884ec180a7e7a4ed0e15f349e0b10e8aacdcd1f585.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
928KB
-
Filesize
368KB
-
Filesize
56KB
-
Filesize
9.9MB
-
Filesize
72KB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
9.9MB