Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5219a1cc7c8b44f97ea07833a9081b01ac31f449e709628d3009fdb3cc641c6a
-
Size
842KB
-
MD5
7b0a938f83e50c2727861e5417686466
-
SHA1
f395ba69d3c30d1294028a0a6e5953f8acb9cc08
-
SHA256
5219a1cc7c8b44f97ea07833a9081b01ac31f449e709628d3009fdb3cc641c6a
-
SHA512
b95bcc6d472e21a0a7b1fb6340929fc81915d7920f50602b2fe5131ff3b2467a8bfd0629ee7050af6c4187ab46ff492411f9ba260518ef9fe160504a98a014e8
-
SSDEEP
24576:YYNS04YNEMuExDiU6E5R9s8xY/2l/dZLc83eIbt+rK:YYf4auS+UjfU2TBt3eIbt+r
Malware Config
Extracted
orcus
127.0.0.1
tcp.cloudpub.ru
722d9b7589484fe0ad2cbb82af030f2f
-
administration_rights_required
false
-
anti_debugger
false
-
anti_tcp_analyzer
false
-
antivm
false
-
autostart_method
2
-
change_creation_date
false
-
force_installer_administrator_privileges
false
-
hide_file
false
-
install
false
-
installation_folder
%appdata%\Microsoft\Speech\AudioDriver.exe
-
installservice
false
-
keylogger_enabled
false
-
newcreationdate
12/16/2024 19:59:14
-
plugins
AgUFyfihswTdIPqEArukcmEdSF06Hw9CAFMAbwBEACAAUAByAG8AdABlAGMAdABpAG8AbgAHAzEALgAwAEEgOAAzADUAMQBmADcANAA4ADEAZQAzADUANABhADEAMwBhAGYAOAA1ADAANQA3ADQAZABjADAAYgBlADQAMwBmAAEAAAACAg==
-
reconnect_delay
10000
-
registry_autostart_keyname
Audio HD Driver
-
registry_hidden_autostart
false
-
set_admin_flag
false
-
tasksch_name
Audio HD Driver
-
tasksch_request_highest_privileges
false
-
try_other_autostart_onfail
false
Signatures
-
Orcus family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
5219a1cc7c8b44f97ea07833a9081b01ac31f449e709628d3009fdb3cc641c6a
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections