Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 369s
max time network: 393s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 31/03/2023, 22:09
Static task: static1
Behavioral task: behavioral1
  Sample: Vuze_5760_Installer.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Vuze_5760_Installer.exe
  Resource: win10v2004-20230220-en
General
Target: Vuze_5760_Installer.exe
Size: 89KB
MD5: b2ce12cffcc5ee39ffdb9329e83a4099
SHA1: 9413e689f3c118152fcb844eee82dae13ffd378d
SHA256: bb055d6da2fe14b49ef88005ed43a507eb98087a0c8a6b722b781717eed8cac2
SHA512: 73afbb904a0fd9f640a5254490d56ad8cddd91161c43ddd2a02693422db34443afcf45dfb210ea73ed98abf89ae84321f3ad54be4e4d406c257852d73240d749
SSDEEP: 1536:DoAs868MBX80Stmv8oXJOL1WXPU85Jd1A2hlzP4CP:0Asj8MBX8s0oXJM1W/bR13RbP
Malware Config
Signatures
- Downloads MZ/PE file
- Executes dropped EXE (1 IoC)
    pid   Process
    832   VuzeInstaller.exe
- Loads dropped DLL (3 IoCs)
    pid   Process
    316   Vuze_5760_Installer.exe
    316   Vuze_5760_Installer.exe
    316   Vuze_5760_Installer.exe
- Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    pid   Process
    832   VuzeInstaller.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
    description                       pid   Process                  procid_target
    PID 316 wrote to memory of 832    316   Vuze_5760_Installer.exe  30
    PID 316 wrote to memory of 832    316   Vuze_5760_Installer.exe  30
    PID 316 wrote to memory of 832    316   Vuze_5760_Installer.exe  30
    PID 316 wrote to memory of 832    316   Vuze_5760_Installer.exe  30
    PID 832 wrote to memory of 1924   832   VuzeInstaller.exe        31
    PID 832 wrote to memory of 1924   832   VuzeInstaller.exe        31
    PID 832 wrote to memory of 1924   832   VuzeInstaller.exe        31
Processes
- C:\Users\Admin\AppData\Local\Temp\Vuze_5760_Installer.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Vuze_5760_Installer.exe"
  PID: 316
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\VuzeInstall\VuzeInstaller.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\VuzeInstall\VuzeInstaller.exe"
    PID: 832
    - Executes dropped EXE
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of WriteProcessMemory
    - \??\c:\PROGRA~1\java\jre7\bin\java.exe
      Command line: c:\PROGRA~1\java\jre7\bin\java.exe -version
      PID: 1924
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 15.2MB
  MD5: 5b18f8a997246af58068ed43c5378ab0
  SHA1: 9d03855d2a3d2ac49ea69e96cc7eb6c3e3675a43
  SHA256: e5f0aabf56d24054b7c6536f3d523ac786903b4747b9cf5db43f01be349eac1f
  SHA512: af489ad6a40b4f1a68616f88b30e8fb4ec8d32cc1109e75ad78cf8ec9d2bbcb2faef0b9bfa714443b89ff1f7a82da10d3035c4505264370a507b831a8afcd733
- Filesize: 15.2MB
  MD5: 5b18f8a997246af58068ed43c5378ab0
  SHA1: 9d03855d2a3d2ac49ea69e96cc7eb6c3e3675a43
  SHA256: e5f0aabf56d24054b7c6536f3d523ac786903b4747b9cf5db43f01be349eac1f
  SHA512: af489ad6a40b4f1a68616f88b30e8fb4ec8d32cc1109e75ad78cf8ec9d2bbcb2faef0b9bfa714443b89ff1f7a82da10d3035c4505264370a507b831a8afcd733
- Filesize: 2KB
  MD5: 5557ab940c7fb30c8ada9fd3d61c5c1a
  SHA1: e3cdaaaa65f1f16cacba10fc7d0e331b0cd224bf
  SHA256: d41faf5fc166350b65b9293a48cc9652fcf01f9c7337c77a34d3d44699c2d3c8
  SHA512: d67a1a0c2a5e7bbef9f66a020db1717070a0bfbcc5e438712a32b7befb26cf81d71c716f57b8fbe5d5595d1d123f33530266f3f4050ab845def442390db515c5
- Filesize: 2KB
  MD5: 5557ab940c7fb30c8ada9fd3d61c5c1a
  SHA1: e3cdaaaa65f1f16cacba10fc7d0e331b0cd224bf
  SHA256: d41faf5fc166350b65b9293a48cc9652fcf01f9c7337c77a34d3d44699c2d3c8
  SHA512: d67a1a0c2a5e7bbef9f66a020db1717070a0bfbcc5e438712a32b7befb26cf81d71c716f57b8fbe5d5595d1d123f33530266f3f4050ab845def442390db515c5
- Filesize: 4KB
  MD5: 197d83a9661f6a9f855f1ab1be3ba3aa
  SHA1: a39e151b47eac8c3c35d1d2289e42de50183bbd7
  SHA256: c09c8f168143342020c9ac9e60d74dcb355d226c53093906080343e1fdfbc2c1
  SHA512: 185096f3e62496c3a29bd9fbb53d25f6866e07fdaa142f7e85f0a2bed97b33bc83c712155934e82bfb7be8008030bb86de50a64ba10af6425ed9bafd91a85991
- Filesize: 541B
  MD5: 3cf9a0c05ede877db330ce9cafabdd7a
  SHA1: d09dcba291f92e77a3725094b540aaa6a84b7695
  SHA256: 8ff0520e80c16100ce431e0cd74d385083c8a61545acb760afc04c7bea59f456
  SHA512: 6a58c791327e6d0e44049ce5806356c299109b13dacc0252f631ddc98608e22ff6b51bcf7d0dcc47f646b9ad3ce16c979f6103d4ffb4baf688745d3b9a8075c0
- Filesize: 1KB
  MD5: 6fd81da6f388f4306dd24cc22464dad0
  SHA1: 425cef31ba7769e4af979f11d93e7e168900a527
  SHA256: c7bf9978f75a786eb3256eacaab21524121107ae1a63906ee63af89d1af048be
  SHA512: 5f2cd1a217a802fad964ca96ec6f6f8439b3a97da8c25b7446c514f02b052fd726776ebd5b685a9d7eeba4eadaa5abc30f8bee48ba07ef348c18a0acef871573
- Filesize: 15.2MB
  MD5: 5b18f8a997246af58068ed43c5378ab0
  SHA1: 9d03855d2a3d2ac49ea69e96cc7eb6c3e3675a43
  SHA256: e5f0aabf56d24054b7c6536f3d523ac786903b4747b9cf5db43f01be349eac1f
  SHA512: af489ad6a40b4f1a68616f88b30e8fb4ec8d32cc1109e75ad78cf8ec9d2bbcb2faef0b9bfa714443b89ff1f7a82da10d3035c4505264370a507b831a8afcd733
- Filesize: 11KB
  MD5: 883eff06ac96966270731e4e22817e11
  SHA1: 523c87c98236cbc04430e87ec19b977595092ac8
  SHA256: 44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82
  SHA512: 60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390
- Filesize: 21KB
  MD5: d7a3fa6a6c738b4a3c40d5602af20b08
  SHA1: 34fc75d97f640609cb6cadb001da2cb2c0b3538a
  SHA256: 67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
  SHA512: 75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934