Overview

overview

10

Static

static

10

Orcus.Admi...on.exe

windows7-x64

3

Orcus.Admi...on.exe

windows10-2004-x64

10

libraries/...er.dll

windows7-x64

1

libraries/...er.dll

windows10-2004-x64

1

libraries/...ds.dll

windows7-x64

1

libraries/...ds.dll

windows10-2004-x64

1

libraries/...re.dll

windows7-x64

1

libraries/...re.dll

windows10-2004-x64

1

libraries/...er.dll

windows7-x64

1

libraries/...er.dll

windows10-2004-x64

1

libraries/...ns.dll

windows7-x64

1

libraries/...ns.dll

windows10-2004-x64

1

libraries/...es.dll

windows7-x64

1

libraries/...es.dll

windows10-2004-x64

1

libraries/...ls.dll

windows7-x64

1

libraries/...ls.dll

windows10-2004-x64

1

libraries/...ns.dll

windows7-x64

1

libraries/...ns.dll

windows10-2004-x64

1

libraries/...es.dll

windows7-x64

1

libraries/...es.dll

windows10-2004-x64

1

libraries/...ed.dll

windows7-x64

1

libraries/...ed.dll

windows10-2004-x64

1

libraries/...ds.dll

windows7-x64

1

libraries/...ds.dll

windows10-2004-x64

1

libraries/...pf.dll

windows7-x64

1

libraries/...pf.dll

windows10-2004-x64

1

libraries/OxyPlot.dll

windows7-x64

1

libraries/OxyPlot.dll

windows10-2004-x64

1

libraries/...GI.dll

windows7-x64

1

libraries/...GI.dll

windows10-2004-x64

1

libraries/...11.dll

windows7-x64

1

libraries/...11.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Orcus.Administration.exe

  • Size

    3.9MB

  • MD5

    d2ad90e1c4ca9ea13c31febb5424ad40

  • SHA1

    fe6742914356f7e2b29430ec3f46d2343dac07aa

  • SHA256

    ac5343d5eb944b51c8dee8adfb5975402199813230af90bb33c24f411c545b63

  • SHA512

    6a049d35af887bb96a08165a25d693f3e0dbf40a91c1e1c9db4df56a04a2171836197c10058232918e333a8021c8c0a3f01f014997147b2c62acee900fe6e357

  • SSDEEP

    49152:MO541QLPPV7Al40NVANW8cyTj/e1nsaLlZWneHAl4:MO1V7Al40NG48cyTC5LlZWneHAl4

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Orcus.Administration.exe
    "C:\Users\Admin\AppData\Local\Temp\Orcus.Administration.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=Orcus.Administration.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eaf397749c82c6c50d8dfe7d4c147341

    SHA1

    6f7fce78bcbd207fbb1e7da8de7fdf781f3a2487

    SHA256

    7258800ae5b967568322d41877738d4a48aa08adbc5c26e3a5f96df0a8b8d9de

    SHA512

    290499be6bcde8ccdf971506a646a35e448dcccff0ef644be4d1899a83f77171ecd3c2d7ea36efbacec1c661cf6d9f509c2e0292fb6a15f94977b54095896d62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4666310057ecdfa1b953686d2f83b6e0

    SHA1

    8fb79f74b200cdb12a147d219c4cf9d2c46af4d3

    SHA256

    8dd1f5dd1ae91c54a552b2bc0187b9c6675254aaef74586559d78a05a49dea26

    SHA512

    bd3ceccf66a2766c6d94648b58c90899f14e855deea4d6ccfc7a373800c4b6fc359b3965a1e94b7b728b7c3e8da63a6b7c19b852ebf01d704ad49b8a396e6f5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6a7ec52a952b62a87ac1cb8e2ea54eb

    SHA1

    9e1af9ca8c94cfabaa147db22b22dff7a30084d0

    SHA256

    32f959ec59aa137eec0ddda959034c8803d5f8fce0ccdfd102db65912cc6d8af

    SHA512

    3859d3e49a90f8138112602f4d24e10f32113e17feafc2b56f7e4aed07db57fdc5af8bcf9e816d100e79ea6381f1054432b4a9ccfdaa63165b9ec4c72c0b9a89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    066891dd98ccb230c1b3487e0da9a038

    SHA1

    f9fa32a0270be51089b312f65f382109ae2cd478

    SHA256

    d632feb47a35a70dce98e6a0f3273f250929bbde1db39588b72328604d16c192

    SHA512

    8c5cddabf4934fe63c8af7dc0ddcdfcbbf74ef0584101904f4ffc653684294fd0aab038117cd9bfb2ae74ecfc6692a928446055b3ec22ba6c5f1e89a33e9abc1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e078a2a344f7b70b1bf31796cda63ae1

    SHA1

    49ae924ff51f5b6cc3b85ca3a5c12b532f6c83d9

    SHA256

    0ddea5f442c6da3b6e0a3b808bfa6598ff8ca0e1a7d37af642d409979b4f410f

    SHA512

    d5409e7a1aa5d0eff5cc64fb7c437ff9fb60a18a8e11e7a1219ad8ab137a9abe3ab3d4f7b5df2d1b8d07d5ee2b4b2bceeab8bdb1231bc898874160ef6f3a1d73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    261277841e07c31670983e7c9b702f08

    SHA1

    801eee9d1e8241500b77f2011ec25ace9360d44a

    SHA256

    f64846a1e792202934657a29308a8a734a5f978cfd56132e43d52b0e42ffa571

    SHA512

    dacc756944991e292afbf3bad4a35f9e36f285ae37bc0e35d3ee34771bef086cd257f4b5ab57897dbf6d3abfd700e4a424e5750cec0ae223b07e468a4b16aee6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbb201f7418726b1fccd794bad8ac618

    SHA1

    5f0c567de9400ad1e8a69f746a58787682edc7db

    SHA256

    314f0563e7ddb30e9dcc4268ab5d09415f50e0c708610b4ba4fc6cd7d72397bf

    SHA512

    2a1a2cbfe639aaef986fc55d6658cf14efd052ae8a7e1acac3cf84022eadd67e0ab2217588f494ecc679a4ea95440294716d2fb8ccf0f30ffd61e643a61db52e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be921d32e6c25889e143741e1817336a

    SHA1

    c521b164d89778313b5714e47f13d6127a7740de

    SHA256

    f8fdcc5e6670863d28fa1cb631e6e77568f6ba47462367d1c61a8e53866d1f48

    SHA512

    21879527268fc410a8c0e5839237a2b295d84eeeec405c0345bd80ea8f017eb67b56940030fedcfad6c7519cca5b1dbed760ec9b0ce442219e877574ee5a5e3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    124115ecea1fe47cdd9c076dc465df4f

    SHA1

    4807745f8edef3f1208764fdd9647f1296f28014

    SHA256

    007879e732a16831304a095f4b2ab08a37a86b4247a729acd34089a7981abc0c

    SHA512

    cffdde90eacb91fac10292d6fd1012db574bb5ade9886e86ce5e49e895ea33c19627f5f4bf6a660fa9ec6f9df31a8e9d787dfd21cdcb90ae1f99241728586bd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35d3933e697bddf1afe2502065176f5a

    SHA1

    ff3d650807906166992598e026952366e28cfa88

    SHA256

    957214d9e88309cab1a615c778785cb7f3b2a6bea7ad1d39573fb663acb171e6

    SHA512

    522efbdc7e09b6e5247998a18712ab1aa9a30e055f39a8572e3a76ddc1e1a41f01bd953b4d801192189c61714b08ac5300df6255de429113d12a466e1eb5dfce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5516f0b97dcdad7260f27354c5894a76

    SHA1

    6a8e194008f3e6402ca0da5d7cb1e60284df16f9

    SHA256

    2d72f5116438ec6688efbb790996b2af7b834f92be23431854d1b1fe46ca44e3

    SHA512

    c2fd55f46089a165f91c6fd5fe576b3e8c23c847cf1e8e4054a7a42a659f3a2ef2ac5710a2ab965206ca593fdd822790a5b49b9b0399301acd89ec582336bc14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c11b40acd2626ffbf6d546ed6c027c11

    SHA1

    22d5cd2fccc941dcb12f92b82b9462bc90c0cec8

    SHA256

    2f80ecc7333b21cbe7b0ac9475092fbe720b0a80899e5ac2cdaea5ac3c88fb91

    SHA512

    0761374071fe9939d66fd7560a5ab5bb6d6757c8147d7ebf370fe395a4639600cb252cee5906a851b044cb7fa3369ac20fe8aebca2eb2dcbf2ebee6215d4d10b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1d1f6a0c6f0c4e028137737a492de27

    SHA1

    35f53d29e53991a13781d8cbcea768119df69fcb

    SHA256

    fcf3f32c5a3b8fd055d3ffcc801c882f4d89da0b4d3b63a0fb9610a4e518ecd7

    SHA512

    8a8e56b989ba53aa4f183a2d7d8aa17b0c1f400619d793dc661cf761c3e02a9fbc4b7142cfba017fad49c8f9161b05379cf4e185a1cc0612c1554ffaff76eeb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94f7e203d48a8bcd48d9bb6f7c81f3b7

    SHA1

    3a0ae10ba6a3ff937cfff156688193b9f6880f19

    SHA256

    86e75716a419ba42cfacaaac6cba73da3f57970cea6e892a855358319493f939

    SHA512

    aae545e8a727e93ade3c4c26aa1f5317b8b56d599ea9fc25568139ba1bc524682cbafb1175adfd52aa4a426f11925c727967b85028c522f407a6591e69ab59b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    231399cab4a31a155c1beea00f15cbb1

    SHA1

    c53430aa3e705efd01d6270835e5d71a54be6205

    SHA256

    035e1db0c6f88e7aceb349e2c29b7cd1e0c67b55ce272812ead00fed717872f6

    SHA512

    915da9d90344dea584073de21cf68a6233446e4b4a3f053e612317bafcaafd112ea07dc98cdbd9e33756fe313a2d9f84320765e4859f9703130d3643d7fe2153

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4882292ccd99aa2267f1aa10e6f22e5f

    SHA1

    f4010a4eba69615389438ff5e2df1a2120b52433

    SHA256

    2a16d32dba2d68e55408bf7358fdce0b3b3ad1ce24abe6a3041d2a1b88d704a7

    SHA512

    bed9e4e6eb71c0f19ecd6657fbe03ca7bab9a66f9f9edac9482c02bdd486dde92f235d8010d28eb2428e3b70019e5100166504832259d570185d0f8e0ea543c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ad408e276a674e91d6399c875c8f3bf

    SHA1

    c1c477f9e2bc538a86dffc1c85dd03e407a0e83e

    SHA256

    53dc02d2e2a8088b69617eed231c45b7266102d0346fb8fd18f85cdb9c916d8e

    SHA512

    8059e1b5732a8f2cf102a1f73f307dae369bf89bb1b194e5de1a9720b9d6ac1067ba093a6e1aec94e02cde64956813f62956fbb1553f60e1e0537f5f1bf5e66b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    217c98b6eea57d8305dea4b8e2c64908

    SHA1

    88b709f554c5051cc6028e45b0b8a3b2f832c352

    SHA256

    9d6313a20f8068884dcb0b0c1319199b8c8766327665274b575c28105c98d854

    SHA512

    a778e0c398a288d1dd530ea25c522ce425fb2b17d393bb101b846f6924f4354e99db0177b2a895f1646d1bf7ad8a2bf6a2c096312f575153dd6e85346727df6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b85d36652bee3ff82e75e402c3a3a68

    SHA1

    2f9f76e869a8929f4c3d41013525ad716e6c22d8

    SHA256

    a87e593977df8be49f2065d9caeb66166acb0a7bdb270d0fe4955f449ae578da

    SHA512

    11386a38e70fa425fa35ce891d5911694cc13cf0e4b76bc8e61fae714cbdc14c2e584c9e84b4da813e03c65e6efd133160594ad73d8c32ae5cd932de51268a07

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD54B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD56D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit