Analysis
-
max time kernel
35s -
max time network
41s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
16/03/2025, 20:56
General
-
Target
everything/OrcusRAT/orсus/orсus 9191/Orcus.Administration.exe
-
Size
4.0MB
-
MD5
cc3670f1b3e60e00b43c86d787563a44
-
SHA1
4f1f8908f0ca7dc5ad01c3029206cc8c9d735e09
-
SHA256
9ca18641bc6b48708e4314b3f8275860aef6b9ea16cd6230d781f0abaa84c853
-
SHA512
684e584d8f2c6ace168760faacdd6ef44fbb85ec519805046e7d183ccf9faf4eb6764b84326aba0a90223a5b8354c3f9d055cf2297416b4562ca417924da9442
-
SSDEEP
49152:zB5DkV7F/Al4gU97zCvyRtQ5SH1veaEX6NrGAiAl4:zB5Dk7/Al4gU97zCvyRC5SBeJAl4
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\everything\OrcusRAT\orсus\orсus 9191\Orcus.Administration.exe"C:\Users\Admin\AppData\Local\Temp\everything\OrcusRAT\orсus\orсus 9191\Orcus.Administration.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4808,i,12030828389203788867,5625121188556233588,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=5160,i,12030828389203788867,5625121188556233588,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6368,i,12030828389203788867,5625121188556233588,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:141⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4.0MB
-
Filesize
744KB
-
Filesize
2.6MB
-
Filesize
7.7MB
-
Filesize
1.0MB
-
Filesize
7.7MB
-
Filesize
1.2MB
-
Filesize
136KB
-
Filesize
1.0MB
-
Filesize
80KB
-
Filesize
208KB
-
Filesize
64KB
-
Filesize
544KB
-
Filesize
112KB
-
Filesize
72KB
-
Filesize
368KB
-
Filesize
56KB
-
Filesize
536KB
-
Filesize
136KB
-
Filesize
3.3MB
-
Filesize
608KB
-
Filesize
72KB
-
Filesize
32KB
-
Filesize
40KB
-
Filesize
48KB
-
Filesize
32KB
-
Filesize
3.3MB
-
Filesize
32KB
-
Filesize
40KB
-
Filesize
72KB
-
Filesize
32KB
-
Filesize
1.5MB
-
Filesize
5.6MB
-
Filesize
584KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
408KB
-
Filesize
96KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
224KB
-
Filesize
56KB
-
Filesize
7.7MB
-
Filesize
6.1MB
-
Filesize
48KB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
72KB
-
Filesize
7.7MB