Overview

overview

10

Static

static

10

Orcus RAT.rar

windows7-x64

7

Orcus RAT.rar

windows10-2004-x64

1

Release/Ex...ed.pdb

windows7-x64

3

Release/Ex...ed.pdb

windows10-2004-x64

3

Release/Ex...ed.xml

windows7-x64

3

Release/Ex...ed.xml

windows10-2004-x64

1

Release/Ex...ed.xml

windows7-x64

3

Release/Ex...ed.xml

windows10-2004-x64

1

Release/Fl...er.pdb

windows7-x64

3

Release/Fl...er.pdb

windows10-2004-x64

3

Release/Fl...er.xml

windows7-x64

3

Release/Fl...er.xml

windows10-2004-x64

1

Release/Go...op.pdb

windows7-x64

3

Release/Go...op.pdb

windows10-2004-x64

3

Release/Go...op.xml

windows7-x64

3

Release/Go...op.xml

windows10-2004-x64

1

Release/IC...it.xml

windows7-x64

3

Release/IC...it.xml

windows10-2004-x64

1

Release/Ma...al.xml

windows7-x64

3

Release/Ma...al.xml

windows10-2004-x64

1

Release/Ma...ro.xml

windows7-x64

3

Release/Ma...ro.xml

windows10-2004-x64

1

Release/Mi...ks.xml

windows7-x64

3

Release/Mi...ks.xml

windows10-2004-x64

1

Release/NLog.js

windows7-x64

3

Release/NLog.js

windows10-2004-x64

3

Release/Ne...on.xml

windows7-x64

3

Release/Ne...on.xml

windows10-2004-x64

1

Release/Oo...pf.pdb

windows7-x64

3

Release/Oo...pf.pdb

windows10-2004-x64

3

Release/Oo...pf.xml

windows7-x64

3

Release/Oo...pf.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-12-2024 22:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Release/GongSolutions.WPF.DragDrop.xml

  • Size

    72KB

  • MD5

    acfd3c87541898ddbe58ac661155cf23

  • SHA1

    1699d1d9be61144085f16996698c52b51eb4215c

  • SHA256

    bdda71a532d81e93f5713fc096d4b0b423d38272674799c5cd26ce4b26d4ca02

  • SHA512

    64cc79c2f8c62da97c90b9bf9484f8bcf0e586d470aefeed49976c04da07a1601b5abbc34939180568b72a055032a7a6293c3bdbb75825cd936e342da8a479eb

  • SSDEEP

    768:hKE6JuJJ+7d7BfmXB9DtbI8OAM/6OhDfkn/fZII9n+Y4t/gtzMHKk:hr6HZoB9Dt+6ZfZII9n+Y4t/gtzMHt

Score
1/10

Malware Config

Signatures

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Release\GongSolutions.WPF.DragDrop.xml"
    1⤵
      PID:1756

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1756-1-0x00007FF8EE92D000-0x00007FF8EE92E000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1756-0-0x00007FF8AE910000-0x00007FF8AE920000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1756-2-0x00007FF8EE890000-0x00007FF8EEA85000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1756-3-0x00007FF8EE890000-0x00007FF8EEA85000-memory.dmp

      Filesize

      2.0MB

      Download