Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Orbit Unkn...ts.exe

windows11-21h2-x64

8

Orbit/Driv...er.exe

windows11-21h2-x64

1

Orbit/Win10_22H2.dll

windows11-21h2-x64

1

Orbit/Win11_22H2.dll

windows11-21h2-x64

1

Orbit/cs2-dumper.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    243s
  • max time network
    292s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02/10/2024, 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Orbit Unknowncheats.exe

  • Size

    1.9MB

  • MD5

    83b7b051a986977e209078ef4e569df3

  • SHA1

    a8d4175591ad2ecffc3bc42dcfa968ae9ada0449

  • SHA256

    500695942bc3c61fa8478e9c48a6155f7ff87c9cb544ac61baeb4ca913ec6774

  • SHA512

    222ad16a76ddb87e1219e64a52f0abdca8030dfecbd3b359d07bf87ba8f4b1cc600e5d2e3abaacd22c409159441c5e477fdf9c4a9dbb04734611cbc46c123036

  • SSDEEP

    49152:L3eUCQm+Hr5W3JtgiDqMs0+iFKR3YBYQneL:bezEQ3DgiDqMs0+iFY3w

Score
8/10
defense_evasion

Malware Config

Signatures

  • Modify Registry: Disable Windows Driver Blocklist 2 TTPs 1 IoCs

    Disable Windows Driver Blocklist via Registry.

    defense_evasion
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Orbit Unknowncheats.exe
    "C:\Users\Admin\AppData\Local\Temp\Orbit Unknowncheats.exe"
    1⤵
    • Modify Registry: Disable Windows Driver Blocklist
    • Suspicious use of WriteProcessMemory
    PID:4044
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
        PID:3816

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads