c57286a7db82264844714682f943fdd9f816eaa27ca1a500514cea13466e85e4

Submit
Reports

Overview

overview

Static

static

Orcus 1.9....on.exe

windows7-x64

Orcus 1.9....on.exe

windows10-2004-x64

Orcus 1.9....ow.dll

windows7-x64

Orcus 1.9....ow.dll

windows10-2004-x64

Orcus 1.9....eo.dll

windows7-x64

Orcus 1.9....eo.dll

windows10-2004-x64

Orcus 1.9....ox.dll

windows7-x64

Orcus 1.9....ox.dll

windows10-2004-x64

Orcus 1.9....re.dll

windows7-x64

Orcus 1.9....re.dll

windows10-2004-x64

Orcus 1.9....Ex.dll

windows7-x64

Orcus 1.9....Ex.dll

windows10-2004-x64

Orcus 1.9....ed.dll

windows7-x64

Orcus 1.9....ed.dll

windows10-2004-x64

Orcus 1.9....ed.dll

windows7-x64

Orcus 1.9....ed.dll

windows10-2004-x64

Orcus 1.9....er.dll

windows7-x64

Orcus 1.9....er.dll

windows10-2004-x64

Orcus 1.9....op.dll

windows7-x64

Orcus 1.9....op.dll

windows10-2004-x64

Orcus 1.9....it.dll

windows7-x64

Orcus 1.9....it.dll

windows10-2004-x64

Orcus 1.9....ib.dll

windows7-x64

Orcus 1.9....ib.dll

windows10-2004-x64

Orcus 1.9....rk.dll

windows7-x64

Orcus 1.9....rk.dll

windows10-2004-x64

Orcus 1.9....al.dll

windows7-x64

Orcus 1.9....al.dll

windows10-2004-x64

Orcus 1.9....ro.dll

windows7-x64

Orcus 1.9....ro.dll

windows10-2004-x64

Orcus 1.9....ks.dll

windows7-x64

Orcus 1.9....ks.dll

windows10-2004-x64

Analysis

max time kernel
93s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 15:31

Sharing

Copy URL

Twitter E-mail

Static task

static1

orcus

4 signatures

Behavioral task

behavioral1

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/Orcus.Administration.exe

Resource

win7-20240903-en

discovery

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/Orcus.Administration.exe

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/AForge.Video.DirectShow.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/AForge.Video.DirectShow.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/AForge.Video.dll

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/AForge.Video.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Be.Windows.Forms.HexBox.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Be.Windows.Forms.HexBox.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/CSCore.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/CSCore.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/DirectoryInfoEx.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/DirectoryInfoEx.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Exceptionless.Signed.dll

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Exceptionless.Signed.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Exceptionless.Wpf.Signed.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Exceptionless.Wpf.Signed.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/FluentCommandLineParser.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/FluentCommandLineParser.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/GongSolutions.Wpf.DragDrop.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/GongSolutions.Wpf.DragDrop.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/ICSharpCode.AvalonEdit.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/ICSharpCode.AvalonEdit.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/ICSharpCode.SharpZipLib.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/ICSharpCode.SharpZipLib.dll

Resource

win10v2004-20240910-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Lidgren.Network.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Lidgren.Network.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/MahApps.Metro.IconPacks.Material.dll

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/MahApps.Metro.IconPacks.Material.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/MahApps.Metro.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/MahApps.Metro.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Microsoft.Threading.Tasks.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Microsoft.Threading.Tasks.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/DirectoryInfoEx.dll
Size

224KB
MD5

314955d214bb02847e7f8607a16ec550
SHA1

c471e2948d0cd1d4a11902a134735f00cd78c0c1
SHA256

82fd40348eb630313d5032910d021ebd982fdde086fbe73ba8947a6d2cb40357
SHA512

0ea2457db279159c1983455eee50a69305a151c012b9948950d038c101efc08a00da1f456a76a4351770684783c2e01a536ea194bb7f586865865d90d6dbb8de
SSDEEP

3072:ue4PnMTtdrkD4u5wrT/ISpzM/p90brGp+2vQM1O4VzXOf6l/R5XKpJG6mzpF0qq:ue4PnMTjkD4XcYAsqp+ffCzXewRVD0

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Orcus 1.9.1 Anti-Takedown\Modded Client\libraries\DirectoryInfoEx.dll",#1
1⤵
PID:4148

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads