bb055d6da2fe14b49ef88005ed43a507eb98087a0c8a6b722b781717eed8cac2

Analysis

max time kernel
369s
max time network
393s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31/03/2023, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vuze_5760_Installer.exe
Size

89KB
MD5

b2ce12cffcc5ee39ffdb9329e83a4099
SHA1

9413e689f3c118152fcb844eee82dae13ffd378d
SHA256

bb055d6da2fe14b49ef88005ed43a507eb98087a0c8a6b722b781717eed8cac2
SHA512

73afbb904a0fd9f640a5254490d56ad8cddd91161c43ddd2a02693422db34443afcf45dfb210ea73ed98abf89ae84321f3ad54be4e4d406c257852d73240d749
SSDEEP

1536:DoAs868MBX80Stmv8oXJOL1WXPU85Jd1A2hlzP4CP:0Asj8MBX8s0oXJM1W/bR13RbP

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
832	VuzeInstaller.exe

Loads dropped DLL 3 IoCs

pid	Process
316	Vuze_5760_Installer.exe
316	Vuze_5760_Installer.exe
316	Vuze_5760_Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
832	VuzeInstaller.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 832	316	Vuze_5760_Installer.exe	30
PID 316 wrote to memory of 832	316	Vuze_5760_Installer.exe	30
PID 316 wrote to memory of 832	316	Vuze_5760_Installer.exe	30
PID 316 wrote to memory of 832	316	Vuze_5760_Installer.exe	30
PID 832 wrote to memory of 1924	832	VuzeInstaller.exe	31
PID 832 wrote to memory of 1924	832	VuzeInstaller.exe	31
PID 832 wrote to memory of 1924	832	VuzeInstaller.exe	31

C:\Users\Admin\AppData\Local\Temp\Vuze_5760_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Vuze_5760_Installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:316
- C:\Users\Admin\AppData\Local\Temp\VuzeInstall\VuzeInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\VuzeInstall\VuzeInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:832
- - \??\c:\PROGRA~1\java\jre7\bin\java.exe
    c:\PROGRA~1\java\jre7\bin\java.exe -version
    3⤵
    PID:1924

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VuzeInstall\VuzeInstaller.exe

Filesize
15.2MB

MD5
5b18f8a997246af58068ed43c5378ab0

SHA1
9d03855d2a3d2ac49ea69e96cc7eb6c3e3675a43

SHA256
e5f0aabf56d24054b7c6536f3d523ac786903b4747b9cf5db43f01be349eac1f

SHA512
af489ad6a40b4f1a68616f88b30e8fb4ec8d32cc1109e75ad78cf8ec9d2bbcb2faef0b9bfa714443b89ff1f7a82da10d3035c4505264370a507b831a8afcd733

Download Submit
C:\Users\Admin\AppData\Local\Temp\VuzeInstall\VuzeInstaller.exe

Filesize
15.2MB

MD5
5b18f8a997246af58068ed43c5378ab0

SHA1
9d03855d2a3d2ac49ea69e96cc7eb6c3e3675a43

SHA256
e5f0aabf56d24054b7c6536f3d523ac786903b4747b9cf5db43f01be349eac1f

SHA512
af489ad6a40b4f1a68616f88b30e8fb4ec8d32cc1109e75ad78cf8ec9d2bbcb2faef0b9bfa714443b89ff1f7a82da10d3035c4505264370a507b831a8afcd733

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
2KB

MD5
5557ab940c7fb30c8ada9fd3d61c5c1a

SHA1
e3cdaaaa65f1f16cacba10fc7d0e331b0cd224bf

SHA256
d41faf5fc166350b65b9293a48cc9652fcf01f9c7337c77a34d3d44699c2d3c8

SHA512
d67a1a0c2a5e7bbef9f66a020db1717070a0bfbcc5e438712a32b7befb26cf81d71c716f57b8fbe5d5595d1d123f33530266f3f4050ab845def442390db515c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
2KB

MD5
5557ab940c7fb30c8ada9fd3d61c5c1a

SHA1
e3cdaaaa65f1f16cacba10fc7d0e331b0cd224bf

SHA256
d41faf5fc166350b65b9293a48cc9652fcf01f9c7337c77a34d3d44699c2d3c8

SHA512
d67a1a0c2a5e7bbef9f66a020db1717070a0bfbcc5e438712a32b7befb26cf81d71c716f57b8fbe5d5595d1d123f33530266f3f4050ab845def442390db515c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
4KB

MD5
197d83a9661f6a9f855f1ab1be3ba3aa

SHA1
a39e151b47eac8c3c35d1d2289e42de50183bbd7

SHA256
c09c8f168143342020c9ac9e60d74dcb355d226c53093906080343e1fdfbc2c1

SHA512
185096f3e62496c3a29bd9fbb53d25f6866e07fdaa142f7e85f0a2bed97b33bc83c712155934e82bfb7be8008030bb86de50a64ba10af6425ed9bafd91a85991

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
541B

MD5
3cf9a0c05ede877db330ce9cafabdd7a

SHA1
d09dcba291f92e77a3725094b540aaa6a84b7695

SHA256
8ff0520e80c16100ce431e0cd74d385083c8a61545acb760afc04c7bea59f456

SHA512
6a58c791327e6d0e44049ce5806356c299109b13dacc0252f631ddc98608e22ff6b51bcf7d0dcc47f646b9ad3ce16c979f6103d4ffb4baf688745d3b9a8075c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
1KB

MD5
6fd81da6f388f4306dd24cc22464dad0

SHA1
425cef31ba7769e4af979f11d93e7e168900a527

SHA256
c7bf9978f75a786eb3256eacaab21524121107ae1a63906ee63af89d1af048be

SHA512
5f2cd1a217a802fad964ca96ec6f6f8439b3a97da8c25b7446c514f02b052fd726776ebd5b685a9d7eeba4eadaa5abc30f8bee48ba07ef348c18a0acef871573

Download Submit
\Users\Admin\AppData\Local\Temp\VuzeInstall\VuzeInstaller.exe

Filesize
15.2MB

MD5
5b18f8a997246af58068ed43c5378ab0

SHA1
9d03855d2a3d2ac49ea69e96cc7eb6c3e3675a43

SHA256
e5f0aabf56d24054b7c6536f3d523ac786903b4747b9cf5db43f01be349eac1f

SHA512
af489ad6a40b4f1a68616f88b30e8fb4ec8d32cc1109e75ad78cf8ec9d2bbcb2faef0b9bfa714443b89ff1f7a82da10d3035c4505264370a507b831a8afcd733

Download Submit
\Users\Admin\AppData\Local\Temp\nst245.tmp\System.dll

Filesize
11KB

MD5
883eff06ac96966270731e4e22817e11

SHA1
523c87c98236cbc04430e87ec19b977595092ac8

SHA256
44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82

SHA512
60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390

Download Submit
\Users\Admin\AppData\Local\Temp\nst245.tmp\inetc.dll

Filesize
21KB

MD5
d7a3fa6a6c738b4a3c40d5602af20b08

SHA1
34fc75d97f640609cb6cadb001da2cb2c0b3538a

SHA256
67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e

SHA512
75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934

Download Submit